diff --git a/src/main/java/com/eactive/testmaster/config/PortalConfigSecurity.java b/src/main/java/com/eactive/testmaster/config/PortalConfigSecurity.java index 4dcf431..14c1cae 100644 --- a/src/main/java/com/eactive/testmaster/config/PortalConfigSecurity.java +++ b/src/main/java/com/eactive/testmaster/config/PortalConfigSecurity.java @@ -4,7 +4,6 @@ package com.eactive.testmaster.config; import com.navercorp.lucy.security.xss.servletfilter.XssEscapeServletFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -15,9 +14,8 @@ import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.csrf.CookieCsrfTokenRepository; import org.springframework.security.web.csrf.CsrfToken; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.csrf.CsrfTokenRepository; -import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; @Configuration @EnableWebSecurity @@ -52,7 +50,6 @@ public class PortalConfigSecurity { @Bean public CsrfTokenRepository csrfTokenRepository(CsrfExclusionService csrfExclusionService) { -// HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository(); CookieCsrfTokenRepository repository = new CookieCsrfTokenRepository(); repository.setCookieHttpOnly(false); return new CsrfTokenRepository() { @@ -91,8 +88,6 @@ public class PortalConfigSecurity { .csrfTokenRepository(csrfTokenRepository(csrfExclusionService)) .ignoringRequestMatchers(request -> csrfExclusionService.shouldExclude(request.getServletPath())) .ignoringAntMatchers("/h2-console/**") - -// .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()) ).headers(headers -> headers.frameOptions().sameOrigin()) .sessionManagement(session -> session .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)