simulate csrf attack

2016-01-24 22:20:14 +02:00
parent 8771311100
commit e8bfbd7881
13 changed files with 152 additions and 74 deletions
--- a/spring-security-rest/src/main/java/org/baeldung/spring/SecurityJavaConfig.java
+++ b/spring-security-rest/src/main/java/org/baeldung/spring/SecurityJavaConfig.java
@@ -42,7 +42,8 @@ public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {
        .authenticationEntryPoint(restAuthenticationEntryPoint)
        .and()
        .authorizeRequests()
-        .antMatchers("/**").authenticated()
+        .antMatchers("/api/csrfAttacker*").permitAll()
+        .antMatchers("/api/**").authenticated()
        .and()
        .formLogin()
        .successHandler(authenticationSuccessHandler)