From 2cb27295cf0f19ff9086b4008a006f7befe6c42c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=ED=98=84=EC=84=B1=ED=95=84?= Date: Thu, 25 Apr 2024 11:32:33 +0900 Subject: [PATCH] =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=A0=95=EB=A6=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../eactive/testmaster/config/PortalConfigSecurity.java | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/src/main/java/com/eactive/testmaster/config/PortalConfigSecurity.java b/src/main/java/com/eactive/testmaster/config/PortalConfigSecurity.java index 4dcf431..14c1cae 100644 --- a/src/main/java/com/eactive/testmaster/config/PortalConfigSecurity.java +++ b/src/main/java/com/eactive/testmaster/config/PortalConfigSecurity.java @@ -4,7 +4,6 @@ package com.eactive.testmaster.config; import com.navercorp.lucy.security.xss.servletfilter.XssEscapeServletFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -15,9 +14,8 @@ import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.csrf.CookieCsrfTokenRepository; import org.springframework.security.web.csrf.CsrfToken; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.csrf.CsrfTokenRepository; -import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; @Configuration @EnableWebSecurity @@ -52,7 +50,6 @@ public class PortalConfigSecurity { @Bean public CsrfTokenRepository csrfTokenRepository(CsrfExclusionService csrfExclusionService) { -// HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository(); CookieCsrfTokenRepository repository = new CookieCsrfTokenRepository(); repository.setCookieHttpOnly(false); return new CsrfTokenRepository() { @@ -91,8 +88,6 @@ public class PortalConfigSecurity { .csrfTokenRepository(csrfTokenRepository(csrfExclusionService)) .ignoringRequestMatchers(request -> csrfExclusionService.shouldExclude(request.getServletPath())) .ignoringAntMatchers("/h2-console/**") - -// .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()) ).headers(headers -> headers.frameOptions().sameOrigin()) .sessionManagement(session -> session .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)