Small improvements (#1848)
* refactor: remove CORS * improvement: add healthcheck to Dockerfile
		| @ -33,3 +33,6 @@ ENTRYPOINT [ "java", \ | |||||||
|    "--add-opens", "java.base/java.io=ALL-UNNAMED", \ |    "--add-opens", "java.base/java.io=ALL-UNNAMED", \ | ||||||
|    "-Drunning.in.docker=true", \ |    "-Drunning.in.docker=true", \ | ||||||
|    "-jar", "webgoat.jar", "--server.address", "0.0.0.0" ] |    "-jar", "webgoat.jar", "--server.address", "0.0.0.0" ] | ||||||
|  |  | ||||||
|  | HEALTHCHECK --interval=30s --timeout=3s \ | ||||||
|  |   CMD curl --fail http://localhost:8080/WebGoat/actuator/health || exit 1 | ||||||
|  | |||||||
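Review bot: The HEALTHCHECK added on the new side has no `--start-period`, so Docker counts failed probes from container start; with the default `--retries=3` and the 30s interval, a JVM that needs more than roughly 90s before it serves `/WebGoat/actuator/health` is flagged unhealthy while still booting, and an orchestrator may restart it in a loop. Suggest `HEALTHCHECK --interval=30s --timeout=3s --start-period=60s --retries=3 \` — the 60s is a constructed placeholder, tune it to measured startup time. The probe also assumes `curl` is present in the runtime image and that the app listens on 8080 under the `/WebGoat` context path; neither is visible in this hunk, and if curl is missing the check fails closed at every interval, so confirm the base image ships it or use a tool the image is known to have.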
| @ -30,7 +30,6 @@ | |||||||
|  */ |  */ | ||||||
| package org.owasp.webgoat.container; | package org.owasp.webgoat.container; | ||||||
|  |  | ||||||
| import java.util.List; |  | ||||||
| import lombok.AllArgsConstructor; | import lombok.AllArgsConstructor; | ||||||
| import org.owasp.webgoat.container.users.UserService; | import org.owasp.webgoat.container.users.UserService; | ||||||
| import org.springframework.beans.factory.annotation.Autowired; | import org.springframework.beans.factory.annotation.Autowired; | ||||||
| @ -44,9 +43,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe | |||||||
| import org.springframework.security.core.userdetails.UserDetailsService; | import org.springframework.security.core.userdetails.UserDetailsService; | ||||||
| import org.springframework.security.crypto.password.NoOpPasswordEncoder; | import org.springframework.security.crypto.password.NoOpPasswordEncoder; | ||||||
| import org.springframework.security.web.SecurityFilterChain; | import org.springframework.security.web.SecurityFilterChain; | ||||||
| import org.springframework.web.cors.CorsConfiguration; |  | ||||||
| import org.springframework.web.cors.CorsConfigurationSource; |  | ||||||
| import org.springframework.web.cors.UrlBasedCorsConfigurationSource; |  | ||||||
|  |  | ||||||
| /** Security configuration for WebGoat. */ | /** Security configuration for WebGoat. */ | ||||||
| @Configuration | @Configuration | ||||||
| @ -61,7 +57,6 @@ public class WebSecurityConfig { | |||||||
|     return http.authorizeHttpRequests( |     return http.authorizeHttpRequests( | ||||||
|             auth -> |             auth -> | ||||||
|                 auth.requestMatchers( |                 auth.requestMatchers( | ||||||
|                         "/", |  | ||||||
|                         "/favicon.ico", |                         "/favicon.ico", | ||||||
|                         "/css/**", |                         "/css/**", | ||||||
|                         "/images/**", |                         "/images/**", | ||||||
| @ -69,7 +64,8 @@ public class WebSecurityConfig { | |||||||
|                         "fonts/**", |                         "fonts/**", | ||||||
|                         "/plugins/**", |                         "/plugins/**", | ||||||
|                         "/registration", |                         "/registration", | ||||||
|                         "/register.mvc") |                         "/register.mvc", | ||||||
|  |                         "/actuator/**") | ||||||
|                     .permitAll() |                     .permitAll() | ||||||
|                     .anyRequest() |                     .anyRequest() | ||||||
|                     .authenticated()) |                     .authenticated()) | ||||||
| @ -87,7 +83,6 @@ public class WebSecurityConfig { | |||||||
|               oidc.loginPage("/login"); |               oidc.loginPage("/login"); | ||||||
|             }) |             }) | ||||||
|         .logout(logout -> logout.deleteCookies("JSESSIONID").invalidateHttpSession(true)) |         .logout(logout -> logout.deleteCookies("JSESSIONID").invalidateHttpSession(true)) | ||||||
|         .cors(cors -> cors.configurationSource(corsConfigurationSource())) |  | ||||||
|         .csrf(csrf -> csrf.disable()) |         .csrf(csrf -> csrf.disable()) | ||||||
|         .headers(headers -> headers.disable()) |         .headers(headers -> headers.disable()) | ||||||
|         .exceptionHandling( |         .exceptionHandling( | ||||||
| @ -96,17 +91,6 @@ public class WebSecurityConfig { | |||||||
|         .build(); |         .build(); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   private CorsConfigurationSource corsConfigurationSource() { |  | ||||||
|     CorsConfiguration configuration = new CorsConfiguration(); |  | ||||||
|     configuration.addAllowedOriginPattern(CorsConfiguration.ALL); |  | ||||||
|     configuration.setAllowedMethods(List.of(CorsConfiguration.ALL)); |  | ||||||
|     configuration.setAllowedHeaders(List.of(CorsConfiguration.ALL)); |  | ||||||
|     configuration.setAllowCredentials(true); |  | ||||||
|     UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); |  | ||||||
|     source.registerCorsConfiguration("/**", configuration); |  | ||||||
|     return source; |  | ||||||
|   } |  | ||||||
|  |  | ||||||
|   @Autowired |   @Autowired | ||||||
|   public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { |   public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { | ||||||
|     auth.userDetailsService(userDetailsService); |     auth.userDetailsService(userDetailsService); | ||||||
|  | |||||||
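Review bot: The `"/actuator/**"` pattern added to the permitAll matcher in the `@@ -69,7 +64,8` hunk grants unauthenticated access to every actuator endpoint, while the Dockerfile healthcheck in this same commit only needs `/WebGoat/actuator/health`. Which endpoints beyond health are actually reachable over HTTP depends on `management.endpoints.web.exposure.include`, which is not visible here, so the matcher currently relies on that property to keep things like env or heapdump from being served without a login. Narrowing it to `"/actuator/health"` (or `"/actuator/health/**"` if health groups are used) keeps the Docker probe working without that dependency. The enclosing filter-chain method starts and ends outside the hunk.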