Example 1 with CORSFilter
use of com.b2international.snowowl.core.rest.util.CORSFilter in project snow-owl by b2ihealthcare.
the class SnowOwlSecurityConfig method configure.
@SuppressWarnings({ "lgtm[java/spring-disabled-csrf-protection]" })
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().csrf().disable();
// handle X-Forwarded headers
http.addFilterBefore(new ForwardedHeaderFilter(), BasicAuthenticationFilter.class);
// add dev time CORS filter
if (PlatformUtil.isDevVersion()) {
http.addFilterAfter(new CORSFilter(), BasicAuthenticationFilter.class);
}
// authentication is handled internally in AuthorizedRequest
http.authorizeRequests().antMatchers("/**").permitAll();
}
Also used :
ForwardedHeaderFilter(org.springframework.web.filter.ForwardedHeaderFilter)
CORSFilter(com.b2international.snowowl.core.rest.util.CORSFilter)
Aggregations
CORSFilter (com.b2international.snowowl.core.rest.util.CORSFilter)1
ForwardedHeaderFilter (org.springframework.web.filter.ForwardedHeaderFilter)1
