dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: change url in JavaScript for JWT endpoint

Browse Source 
The JavaScript pointed to the context root /WebWolf/ which is no longer in use.
This commit is contained in:
Nanne Baars 2023-02-16 10:11:17 +00:00
parent 075b1ab30a
commit 693771220c
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java
View File

@ -48,14 +48,15 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security = ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security =
http.authorizeRequests() http.authorizeRequests()
.antMatchers("/css/**", "/images/**", "/js/**", "/fonts/**", "/webjars/**", "/home") .antMatchers(HttpMethod.POST, "/fileupload")
.permitAll()
.antMatchers(HttpMethod.GET, "/mail/**", "/requests/**")
.authenticated() .authenticated()
.antMatchers("/files") .antMatchers(HttpMethod.GET, "/files", "/mail", "/requests")
.authenticated() .authenticated()
.and()
.authorizeRequests()
.anyRequest() .anyRequest()
.permitAll(); .permitAll();
security.and().csrf().disable().formLogin().loginPage("/login").failureUrl("/login?error=true"); security.and().csrf().disable().formLogin().loginPage("/login").failureUrl("/login?error=true");
security.and().formLogin().loginPage("/login").defaultSuccessUrl("/home", true).permitAll(); security.and().formLogin().loginPage("/login").defaultSuccessUrl("/home", true).permitAll();
security.and().logout().permitAll(); security.and().logout().permitAll();