summaryrefslogtreecommitdiffhomepage
path: root/src/main/java/com/blog/web/security/SecurityConfig.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/com/blog/web/security/SecurityConfig.java')
-rw-r--r--src/main/java/com/blog/web/security/SecurityConfig.java19
1 files changed, 1 insertions, 18 deletions
diff --git a/src/main/java/com/blog/web/security/SecurityConfig.java b/src/main/java/com/blog/web/security/SecurityConfig.java
index b459224..17e09c7 100644
--- a/src/main/java/com/blog/web/security/SecurityConfig.java
+++ b/src/main/java/com/blog/web/security/SecurityConfig.java
@@ -28,24 +28,7 @@ public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// disabling csrf leaves us vulnerable, in a real production app do not do this
- http.csrf(c -> c.disable())
- .cors(c -> c.disable())
- .authorizeHttpRequests( auths -> auths
- .anyRequest()
- .permitAll()
- )
- .formLogin(form -> form
- .loginPage("/userlogin")
- .usernameParameter("username")
- .passwordParameter("password")
- .defaultSuccessUrl("/articles")
- .loginProcessingUrl("/userlogin")
- .failureUrl("/userlogin?error=true")
- .permitAll()
- ).logout(
- logout -> logout
- .logoutUrl("/logout")
- .logoutSuccessUrl("/articles"));
+ http.csrf(c -> c.disable()).cors(c -> c.disable()).authorizeHttpRequests(auths -> auths.anyRequest().permitAll()).formLogin(form -> form.loginPage("/userlogin").usernameParameter("username").passwordParameter("password").defaultSuccessUrl("/articles").loginProcessingUrl("/userlogin").failureUrl("/userlogin?error=true").permitAll()).logout(logout -> logout.logoutUrl("/logout").logoutSuccessUrl("/articles"));
return http.build();
}
generated by cgit v1.2.3 (git 2.39.1) at 2026-04-19 06:49:43 +0000