Projects STRLCPY wrongsecrets Commits 7d23ca62
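--- a/src/main/java/org/owasp/wrongsecrets/ActuatorSecurityConfiguration.java
+++ b/src/main/java/org/owasp/wrongsecrets/ActuatorSecurityConfiguration.java
@@ -0,0 +1,21 @@
+package org.owasp.wrongsecrets;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+public class ActuatorSecurityConfiguration {
+
+ @Bean
+ @Order(2)
+ public SecurityFilterChain configureActuatorSecurity(HttpSecurity http) throws Exception {
+ http.requestMatcher(r ->
+ r.getRequestURL().toString().contains("/actuator/health"))
+ .csrf().disable();
+ return http.build();
+ }
+}
+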
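Review bot: The matcher in `configureActuatorSecurity` is a substring test, `r.getRequestURL().toString().contains("/actuator/health")`, so CSRF protection is switched off for every URL that merely contains that text, not only for the health endpoint. Anchoring the match to the path would narrow the exemption, for example `http.antMatcher("/actuator/health/**").csrf().disable();`, adjusted if the actuator base path is configured differently. The chain also declares no authorization rules, so anything the matcher selects is handled by this chain alone. A one-line comment on the method stating why the health endpoint needs the CSRF exemption would help the next reader judge whether the scope is still right.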
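--- a/src/main/java/org/owasp/wrongsecrets/ActuatorecurityConfiguration.java
+++ b/src/main/java/org/owasp/wrongsecrets/ActuatorecurityConfiguration.java
@@ -1,18 +0,0 @@
-package org.owasp.wrongsecrets;
-
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-
-@Configuration
-@Order(2)
-public class ActuatorecurityConfiguration extends HerokuWebSecurityConfig {
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.requestMatcher(r ->
- r.getRequestURL().toString().contains("/actuator/health"))
- .csrf().disable();
- }
-}
-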
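--- a/src/main/java/org/owasp/wrongsecrets/HerokuWebSecurityConfig.java
+++ b/src/main/java/org/owasp/wrongsecrets/HerokuWebSecurityConfig.java
@@ -1,19 +1,21 @@
 package org.owasp.wrongsecrets;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
-@Order(1)
-public class HerokuWebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class HerokuWebSecurityConfig {
 
- @Override
- protected void configure(HttpSecurity http) throws Exception {
+ @Bean
+ @Order(1)
+ public SecurityFilterChain configureHerokuWebSecurity(HttpSecurity http) throws Exception {
  http.requiresChannel()
  .requestMatchers(r -> r.getRequestURL().toString().contains("heroku") && (r.getHeader("x-forwarded-proto") != null || r.getHeader("X-Forwarded-Proto") != null))
  .requiresSecure();
+ return http.build();
  }
 }
 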
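Review bot: `configureHerokuWebSecurity` builds its chain without a request matcher, so the chain applies to every request, and at `@Order(1)` it is consulted before the actuator chain registered at `@Order(2)`. Only the first matching chain handles a request, so the actuator chain's CSRF exemption appears unreachable as ordered. One option is to give this catch-all chain the lowest precedence, e.g. `@Order(3)`, and then confirm the HTTPS redirect is still applied where it is needed. Separately, `getHeader` is case-insensitive, so the second `X-Forwarded-Proto` test is redundant. The header should also be relied on only when a fronting proxy overwrites whatever the client sent.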
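--- a/src/main/java/org/owasp/wrongsecrets/canaries/TokenCallbackSecurityConfiguration.java
+++ b/src/main/java/org/owasp/wrongsecrets/canaries/TokenCallbackSecurityConfiguration.java
@@ -1,19 +1,21 @@
 package org.owasp.wrongsecrets.canaries;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.DefaultSecurityFilterChain;
 
 @Configuration
-@Order(0)
-public class TokenCallbackSecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class TokenCallbackSecurityConfiguration {
 
- @Override
- protected void configure(HttpSecurity http) throws Exception {
+ @Bean
+ @Order(0)
+ public DefaultSecurityFilterChain configureTokenCallbackSecurity(HttpSecurity http) throws Exception {
  http.requestMatcher(r ->
  r.getRequestURL().toString().contains("canaries") || r.getRequestURL().toString().contains("token"))
  .csrf().disable();
+ return http.build();
  }
 }
 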
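Review bot: The matcher in `configureTokenCallbackSecurity` tests `contains("canaries") || contains("token")` against `getRequestURL()`, which includes scheme and host as well as the path, so this CSRF-disabled chain can be selected for far more than the callback endpoint. Because it sits at `@Order(0)` it is consulted before every other chain, and any endpoint whose URL happens to include either word loses CSRF protection. Anchoring the match to the callback's real path prefix would close that gap, for example `http.antMatcher("<CALLBACK_PATH>/**").csrf().disable();` with the placeholder replaced by the route the controller actually exposes. As a style point, the method could declare the `SecurityFilterChain` interface as its return type, with the matching import, like the other two configurations in this commit, rather than `DefaultSecurityFilterChain`.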