Skip to content

Commit b456da4

Browse files
Brutus5000Brutus5000
committed
Remove (some) deprecated configs
1 parent c789fbd commit b456da4

File tree

1 file changed

+2
-18
lines changed

1 file changed

+2
-18
lines changed

src/main/java/com/faforever/api/config/security/WebSecurityConfig.java

Lines changed: 2 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -10,17 +10,13 @@
1010
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
1111
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
1212
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
13+
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
1314
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
1415
import org.springframework.security.web.SecurityFilterChain;
1516
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
1617
import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler;
17-
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
18-
import org.springframework.security.web.util.matcher.OrRequestMatcher;
19-
import org.springframework.security.web.util.matcher.RequestMatcher;
2018

21-
import jakarta.servlet.http.HttpServletRequest;
2219
import java.util.Map;
23-
import java.util.regex.Pattern;
2420

2521
@Configuration
2622
@EnableWebSecurity
@@ -31,19 +27,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
3127
final var bearerTokenResolver = new DefaultBearerTokenResolver();
3228
bearerTokenResolver.setAllowUriQueryParameter(true);
3329

34-
// @formatter:off
35-
http.csrf(csrfConfig -> csrfConfig.requireCsrfProtectionMatcher(new RequestMatcher() {
36-
private final Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
37-
private final RequestMatcher matcher = new OrRequestMatcher(
38-
new AntPathRequestMatcher("/oauth/authorize"),
39-
new AntPathRequestMatcher("/login"));
40-
41-
@Override
42-
public boolean matches(HttpServletRequest request) {
43-
return matcher.matches(request) && !allowedMethods.matcher(request.getMethod()).matches();
44-
}
45-
}));
46-
http.headers(headersConfig -> headersConfig.cacheControl().disable());
30+
http.headers(headersConfig -> headersConfig.cacheControl(HeadersConfigurer.CacheControlConfig::disable));
4731
http.formLogin(AbstractHttpConfigurer::disable);
4832
http.oauth2ResourceServer(oauth2Config -> {
4933
oauth2Config.bearerTokenResolver(bearerTokenResolver);

0 commit comments

Comments
 (0)