Disable csrf auth by default

pull/1490/merge^2
gongdewei 4 years ago
parent e0328d48f8
commit 04c712dbc9

@ -20,12 +20,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
String username = channelServerProperties.getAuth().getUsername();
if (StringUtils.hasText(username)) {
String password = channelServerProperties.getAuth().getPassword();
if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
auth.inMemoryAuthentication()
//.passwordEncoder(new BCryptPasswordEncoder())
.passwordEncoder(NoOpPasswordEncoder.getInstance()) // CHANGE IT for production
.passwordEncoder(NoOpPasswordEncoder.getInstance()) // TODO: CHANGE IT for production
.withUser(username)
.password(channelServerProperties.getAuth().getPassword())
.password(password)
.roles("USER");
}
}
@ -33,11 +34,15 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
String username = channelServerProperties.getAuth().getUsername();
if (StringUtils.hasText(username)) {
String password = channelServerProperties.getAuth().getPassword();
if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
http.csrf().disable().authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic();
} else {
// disable csrf auth: https://stackoverflow.com/a/29917946
http.csrf().disable();
}
}
}
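Review bot: The new guard `StringUtils.hasText(username) && StringUtils.hasText(password)`, used in both `configure` methods, fails open: if a username is set but the password is blank, the server now takes the `else` branch of `configure(HttpSecurity)`. That branch only calls `http.csrf().disable()` and registers no `authorizeRequests()` rule, so as far as these lines show every endpoint is served without authentication and without any warning. I would reject the half-configured case at startup, e.g. `if (StringUtils.hasText(username) != StringUtils.hasText(password)) throw new IllegalStateException("auth requires both username and password");`, and log a warning when authentication is disabled entirely. Separately, `NoOpPasswordEncoder` stores and compares the password in plaintext; the commented-out `BCryptPasswordEncoder` line shows the intended replacement, and the TODO should state what blocks that switch. Both method bodies are complete within their hunks, but how `getAuth()` is populated is outside the visible lines.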