■ ■ ■ ■ ■ ■
src/main/java/org/owasp/wrongsecrets/HerokuWebSecurityConfig.java
1 | 1 | | package org.owasp.wrongsecrets; |
2 | 2 | | |
| 3 | + | import org.springframework.context.annotation.Bean; |
3 | 4 | | import org.springframework.context.annotation.Configuration; |
4 | 5 | | import org.springframework.core.annotation.Order; |
5 | 6 | | import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
6 | | - | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; |
| 7 | + | import org.springframework.security.web.SecurityFilterChain; |
7 | 8 | | |
8 | 9 | | @Configuration |
9 | | - | @Order(1) |
10 | | - | public class HerokuWebSecurityConfig extends WebSecurityConfigurerAdapter { |
| 10 | + | public class HerokuWebSecurityConfig { |
11 | 11 | | |
12 | | - | @Override |
13 | | - | protected void configure(HttpSecurity http) throws Exception { |
| 12 | + | @Bean |
| 13 | + | @Order(1) |
| 14 | + | public SecurityFilterChain configureHerokuWebSecurity(HttpSecurity http) throws Exception { |
14 | 15 | | http.requiresChannel() |
15 | 16 | | .requestMatchers(r -> r.getRequestURL().toString().contains("heroku") && (r.getHeader("x-forwarded-proto") != null || r.getHeader("X-Forwarded-Proto") != null)) |
16 | 17 | | .requiresSecure(); |
| 18 | + | return http.build(); |
17 | 19 | | } |
18 | 20 | | } |
19 | 21 | | |