Diffstat (limited to 'src/main/java')
-rw-r--r--src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java b/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java
index 74aeccda5..bb7b76af3 100644
--- a/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java
+++ b/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java
@@ -73,7 +73,9 @@ public class DefaultUserConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) {
try {
- http.httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
+ // Do no remove the csrf as recommended by Sonar otherwise Put/post will not work
+ // Moreover this default user class is only used by dev, on prod we use AAF and this code will be disabled
+ http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
.authenticated().anyRequest().permitAll().and().sessionManagement()
.maximumSessions(1);
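Review bot: `http.csrf().disable()` on the added line turns CSRF protection off for every path, and the only thing keeping that out of production is the comment above it. Nothing visible in the hunk ties `DefaultUserConfiguration` to a dev-only profile, so the class-level activation condition (outside the hunk) should be confirmed and named in the comment. With HTTP Basic a browser re-sends cached credentials on its own, so the authenticated PUT/POST calls under `/restservices/clds/v1/user/**` accept cross-site requests whenever this class is active. If only the REST paths need the exemption, it can be narrowed with `http.csrf().ignoringAntMatchers("/restservices/clds/**").and().httpBasic()` instead of a global disable. The comment should also be reworded, since "Do no remove the csrf" reads as the opposite of what is meant: `// CSRF is disabled on purpose (Sonar flags it): PUT/POST fail otherwise. Dev-only config; production uses AAF.` The `try` block and `configure()` continue past the end of the hunk.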