fix: Warning messages removal during the build process
Signed-off-by: Oleg Kopysov <o.kopysov@samsung.com>
o-kopysov committed Aug 30, 2024
1 parent 006047b commit d72de56
Showing 4 changed files with 57 additions and 48 deletions.
99 changes: 52 additions & 47 deletions src/main/java/com/lpvs/config/SecurityConfig.java
Expand Up @@ -12,16 +12,16 @@
import java.io.IOException;
import java.nio.charset.StandardCharsets;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
Expand Down Expand Up @@ -73,53 +73,58 @@ public class SecurityConfig {
*/
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.cors()
.and()
.csrf()
.disable()
.headers()
.frameOptions()
.disable()
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/oauth/logout"))
.logoutSuccessUrl(frontendMainPageUrl)
.invalidateHttpSession(true)
.clearAuthentication(true)
.and()
.authorizeRequests()
.anyRequest()
.permitAll()
.and()
.oauth2Login()
.successHandler(
new AuthenticationSuccessHandler() {
@Value("${frontend.main-page.url:}")
private String frontendMainPageUrl;
http.cors(
cors ->
cors.configurationSource(
request ->
new CorsConfiguration().applyPermitDefaultValues()))
.csrf(AbstractHttpConfigurer::disable)

Check failure

Code scanning / CodeQL

Disabled Spring CSRF protection High

CSRF vulnerability due to protection being disabled.
.headers(
headers ->
headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
.logout(
logout ->
logout.logoutRequestMatcher(
new AntPathRequestMatcher("/oauth/logout"))
.logoutSuccessUrl(frontendMainPageUrl)
.invalidateHttpSession(true)
.clearAuthentication(true))
.authorizeHttpRequests(authz -> authz.anyRequest().permitAll())
.oauth2Login(
login ->
login.successHandler(
new AuthenticationSuccessHandler() {
@Value("${frontend.main-page.url:}")
private String frontendMainPageUrl;

private String REDIRECT_URI = frontendMainPageUrl + "/login/callback";
private final String REDIRECT_URI =
frontendMainPageUrl + "/login/callback";

@Override
public void onAuthenticationSuccess(
HttpServletRequest request,
HttpServletResponse response,
Authentication authentication)
throws IOException, ServletException {
OAuth2User oAuth2User = (OAuth2User) authentication.getPrincipal();
System.out.println("oAuth2User = " + oAuth2User);

response.sendRedirect(
UriComponentsBuilder.fromUriString(REDIRECT_URI)
.queryParam("accessToken", "accessToken")
.queryParam("refreshToken", "refreshToken")
.build()
.encode(StandardCharsets.UTF_8)
.toUriString());
}
})
.defaultSuccessUrl(frontendMainPageUrl, true)
.userInfoEndpoint()
.userService(oAuthService);
@Override
public void onAuthenticationSuccess(
HttpServletRequest request,
HttpServletResponse response,
Authentication authentication)
throws IOException {
response.sendRedirect(
UriComponentsBuilder.fromUriString(
REDIRECT_URI)
.queryParam(
"accessToken",
"accessToken")
.queryParam(
"refreshToken",
"refreshToken")
.build()
.encode(
StandardCharsets
.UTF_8)
.toUriString());
}
})
.defaultSuccessUrl(frontendMainPageUrl, true)
.userInfoEndpoint(
userInfo -> userInfo.userService(oAuthService)));

return http.build();
}
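Review bot: The new `cors(...)` lambda in `filterChain` is not an equivalent migration of the old `http.cors().and()`: it installs `new CorsConfiguration().applyPermitDefaultValues()` for every request, which allows any origin, whereas the no-argument form deferred to a `CorsConfigurationSource` bean or the MVC CORS settings if the project defines them (not visible here). Since the same chain also uses `anyRequest().permitAll()`, a warning-only cleanup should keep the previous behaviour with `.cors(Customizer.withDefaults())`, or state the intended allowed origins explicitly. Separately, the anonymous `AuthenticationSuccessHandler` is created with `new`, so its own `@Value` field shadows the outer one and is still null when `REDIRECT_URI` is initialised, giving `"null/login/callback"`; marking the field `final` only fixes that value in place. Building the URI inside `onAuthenticationSuccess` from the outer `frontendMainPageUrl` would avoid this, and a comment should state that the `accessToken`/`refreshToken` query parameters are literal placeholders, since real tokens in a redirect URL would end up in logs and browser history.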
Expand Up @@ -37,6 +37,7 @@
*/
@Component
@Slf4j
@SuppressWarnings("unchecked")
public class LPVSReportBuilder {

/**
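Review bot: `@SuppressWarnings("unchecked")` on the whole `LPVSReportBuilder` class silences every unchecked-cast warning in it, including any introduced later, rather than only the statements that triggered the build warning. Moving the annotation to the smallest scope that performs the cast (a local variable declaration or a single method), with a short comment such as `// cast is safe: <reason>`, keeps the compiler check active for the rest of the class. The same class-level suppression is added to `LicensePreValidationServiceTest` in the next section. The casts themselves are outside both hunks, so the exact placement has to be decided in the full files.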
Expand Up @@ -24,6 +24,7 @@
import static org.mockito.Mockito.*;
import static org.mockito.Mockito.verify;

@SuppressWarnings("unchecked")
public class LicensePreValidationServiceTest {

LicensePreValidationService licensePreValidationService;
4 changes: 3 additions & 1 deletion src/test/java/com/lpvs/service/OAuthServiceTest.java
Expand Up @@ -38,9 +38,11 @@ public void testLoadUser() throws OAuth2AuthenticationException {
ClientRegistration.withRegistrationId("google")
.userInfoUri("https://example.com/userinfo")
.userNameAttributeName("email")
.authorizationGrantType(AuthorizationGrantType.PASSWORD)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.clientId("id")
.tokenUri("https://example.com/tokenuri")
.redirectUri("https://example.com/redirecturi")
.authorizationUri("https://example.com/authorizationuri")
.build();
OAuth2UserRequest userRequest =
new OAuth2UserRequest(