Diffstat (limited to 'src/main/java')
-rw-r--r-- | src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java b/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java
index 74aeccda5..bb7b76af3 100644
--- a/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java
+++ b/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java
@@ -73,7 +73,9 @@ public class DefaultUserConfiguration extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(HttpSecurity http) {
 try {
- http.httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
+ // Do no remove the csrf as recommended by Sonar otherwise Put/post will not work
+ // Moreover this default user class is only used by dev, on prod we use AAF and this code will be disabled
+ http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
 .authenticated().anyRequest().permitAll().and().sessionManagement()
 .maximumSessions(1); |
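Review bot: `http.csrf().disable()` switches CSRF protection off for every path this configuration covers while authentication stays HTTP Basic, which a browser re-sends automatically, so the safety of the change rests entirely on the comment's claim that the class is dev-only. Nothing visible in the hunk enforces that claim (the class-level annotations and the rest of `configure()` are outside it); if no profile guard exists, add one such as `@Profile("<dev-profile-name>")`. Alternatively, keep CSRF on and exempt only the REST paths that need PUT/POST with `http.csrf().ignoringAntMatchers("<rest-api-pattern>")`. The comment is also ambiguous and has a typo; something like `// CSRF is deliberately disabled (Sonar flags this): PUT/POST fail with it enabled. Dev-only config; prod uses AAF.` states the intent more clearly.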