fix: change url in JavaScript for JWT endpoint

The JavaScript pointed to the context root /WebWolf/ which is no longer in use.
2023-02-16 10:11:17 +00:00 · 2023-02-16 10:11:17 +00:00 · 693771220c
commit 693771220c
parent 075b1ab30a
1 changed files with 5 additions and 4 deletions
--- a/src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java
+++ b/src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java
@ -48,14 +48,15 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  protected void configure(HttpSecurity http) throws Exception {
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security =
        http.authorizeRequests()
-            .antMatchers("/css/**", "/images/**", "/js/**", "/fonts/**", "/webjars/**", "/home")
-            .permitAll()
-            .antMatchers(HttpMethod.GET, "/mail/**", "/requests/**")
+            .antMatchers(HttpMethod.POST, "/fileupload")
            .authenticated()
-            .antMatchers("/files")
+            .antMatchers(HttpMethod.GET, "/files", "/mail", "/requests")
            .authenticated()
+            .and()
+            .authorizeRequests()
            .anyRequest()
            .permitAll();
+
    security.and().csrf().disable().formLogin().loginPage("/login").failureUrl("/login?error=true");
    security.and().formLogin().loginPage("/login").defaultSuccessUrl("/home", true).permitAll();
    security.and().logout().permitAll();