cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [cxf-fediz] branch master updated: Adding CSRF part for the login form
Date Thu, 19 Oct 2017 14:21:14 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git


The following commit(s) were added to refs/heads/master by this push:
     new 57f5cbd  Adding CSRF part for the login form
57f5cbd is described below

commit 57f5cbd08a033258b2cc94ee6cb838da11479a5d
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Thu Oct 19 15:20:59 2017 +0100

    Adding CSRF part for the login form
---
 services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml b/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml
index f916dc2..e655065 100644
--- a/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml
+++ b/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml
@@ -40,7 +40,8 @@
 
     <!-- HTTP/BA entry point for WS-Federation -->
     <security:http pattern="/federation/up/**" use-expressions="true">
-		<security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous()
or isAuthenticated()" />
+        <security:csrf />
+        <security:intercept-url requires-channel="https" pattern="/federation/up/login*"
access="isAnonymous() or isAuthenticated()" />
         <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
         <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher"
/>
 

-- 
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <commits@cxf.apache.org>'].

Mime
View raw message