This repository was archived by the owner on Nov 19, 2021. It is now read-only.

Disable Security at OASP4j (momentarily solution before migrating "Security Module") #20

@cbeldacap

Description

Meaning

Due to the current state of the sample application, we've decided, just for now, before we understand how the Security Module must work, to disable it so we can perform different HTTP operations. Applying this "solution", the server won't need to respond to an already logged-in user, and it will be possible to retrieve data lists from it.

Code Modification

It will be necessary to modify several files on the "oasp4j-sample-core" project.

BaseWebSecurityConfig.java --> (oasp4j-sample-core/src/main/java/io.oasp.gastronomy.restaurant/general/configuration/)

Enable CORS operations:

@Value("${security.cors.enabled}")
boolean corsEnabled = true; // false -> true

Add REST operations' paths as unsecured:

String[] unsecuredResources =
    new String[] { "/login", "/security/**", "/services/rest/login", "/services/rest/logout", "/services/rest/**" };

Comment out the call to CsrfRequestMatcher:

// activate csrf check for a selection of urls (but not for login & logout)
// .csrf().requireCsrfProtectionMatcher(new CsrfRequestMatcher()).and()

Just right after that, disable CSRF:

// disable CSRF filtering all together
.csrf().disable()

CsrfRequestMatcher.java --> (oasp4j-sample-core/src/main/java/io/oasp/gastronomy/restaurant/general/common/impl/security)

Add paths without CSRF protection:

// private static final String[] PATH_PREFIXES_WITHOUT_CSRF_PROTECTION =
// { "/login", "/logout", "/services/rest/login", "/websocket" };

private static final String[] PATH_PREFIXES_WITHOUT_CSRF_PROTECTION =
    { "/login", "/logout", "/services/rest/**", "/websocket" };

application.properties --> (oasp4j-sample-core/src/main/resources)

Enable CORS operations:

# false --> true (a // comment is not valid in a .properties file and would become part of the value)
security.cors.enabled=true

SpringBootApp.java --> (oasp4j-sample-core/src/main/java/io/oasp/gastronomy/restaurant/)

// disable Global Security Method
@EnableGlobalMethodSecurity(jsr250Enabled = false)

Anyway, I put here what those 4 files should look like by the end of this configuration:

disabled_security_oasp4j.zip
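As an added check that is not part of this issue or the oasp4j project: a small Python audit that scans the four files edited above for the temporary settings described here (global CSRF disable, "/services/rest/**" in the unsecured list and in the CSRF-exempt prefixes, jsr250Enabled = false, CORS switched on), so the momentary configuration can be flagged before it reaches a release build. The file contents below are constructed samples mirroring the snippets in this issue, and the check names and messages are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the state of the four files after the changes in this issue.
WEAKENED: Dict[str, str] = {
    "BaseWebSecurityConfig.java": (
        '@Value("${security.cors.enabled}")\n'
        'boolean corsEnabled = true;\n'
        'String[] unsecuredResources = new String[] { "/login", "/security/**",\n'
        '    "/services/rest/login", "/services/rest/logout", "/services/rest/**" };\n'
        '// .csrf().requireCsrfProtectionMatcher(new CsrfRequestMatcher()).and()\n'
        '.csrf().disable()\n'
    ),
    "CsrfRequestMatcher.java": (
        'private static final String[] PATH_PREFIXES_WITHOUT_CSRF_PROTECTION =\n'
        '    { "/login", "/logout", "/services/rest/**", "/websocket" };\n'
    ),
    "application.properties": "security.cors.enabled=true\n",
    "SpringBootApp.java": "@EnableGlobalMethodSecurity(jsr250Enabled = false)\n",
}

# (file-name suffix, regex applied to comment-stripped text, finding text)
CHECKS: List[Tuple[str, str, str]] = [
    (".java", r"\.csrf\(\)\s*\.disable\(\)", "CSRF protection disabled globally"),
    (".java", r'unsecuredResources[^;]*"/services/rest/\*\*"', "all REST endpoints reachable without login"),
    (".java", r'PATH_PREFIXES_WITHOUT_CSRF_PROTECTION[^;]*"/services/rest/\*\*"', "CSRF exemption widened to all REST endpoints"),
    (".java", r"jsr250Enabled\s*=\s*false", "JSR-250 method security disabled"),
    (".properties", r"^\s*security\.cors\.enabled\s*=\s*true", "CORS enabled (verify allowed origins before release)"),
]


def strip_java_comments(src: str) -> str:
    """Drop // line comments so commented-out code (like the CsrfRequestMatcher line) is not reported.
    String literals containing // are not handled; good enough for these config files."""
    return re.sub(r"//[^\n]*", "", src)


def audit(files: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (file name, finding) pairs for every temporary security-disabling setting present."""
    findings: List[Tuple[str, str]] = []
    for name, text in files.items():
        body = strip_java_comments(text) if name.endswith(".java") else text
        for suffix, pattern, message in CHECKS:
            if name.endswith(suffix) and re.search(pattern, body, re.MULTILINE):
                findings.append((name, message))
    return findings


if __name__ == "__main__":
    for file_name, finding in audit(WEAKENED):
        print(f"{file_name}: {finding}")
```

Running it against the constructed samples reports five findings, one per change listed in this issue; once the commented-out originals are restored it reports none.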
