dcoraboeuf#285 Disable CSRF configuration (client migration needed)

cpf · Nov 28, 2013 · 70f5ede · 70f5ede
1 parent caebae7
commit 70f5ede
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/ontrack-web/src/main/java/net/ontrack/web/config/WebSecurityConfig.java b/ontrack-web/src/main/java/net/ontrack/web/config/WebSecurityConfig.java
@@ -27,7 +27,11 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
+                // FIXME Reenable CSRF protection (depends on the client)
+                // See http://docs.spring.io/spring-security/site/docs/3.2.0.RC2/reference/htmlsingle/#csrf-using
+                .csrf().disable()
                 .formLogin().loginPage("/login").successHandler(authenticationSuccessHandler).and()
                 .authorizeRequests().anyRequest().permitAll();
+        // FIXME Logout configuration
     }
 }
diff --git a/ontrack-web/src/main/resources/log4j.properties b/ontrack-web/src/main/resources/log4j.properties
@@ -3,7 +3,7 @@
 log4j.rootLogger=warn, Console
 
 #log4j.logger.org.springframework=info
-log4j.logger.org.springframework.security=debug
+#log4j.logger.org.springframework.security=debug
 log4j.logger.net.ontrack=debug
 log4j.logger.net.ontrack.backend.LogPost=info
 log4j.logger.net.sf.dbinit=debug