github-code-scanning[bot] commented on code in PR #12549:
URL:
https://github.com/apache/dolphinscheduler/pull/12549#discussion_r1013774179
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/SecurityConfig.java:
##########
@@ -67,13 +77,49 @@
case LDAP:
authenticator = new LdapAuthenticator();
break;
+ case OAUTH2:
+ authenticator = new OAuth2Authenticator();
+ break;
default:
throw new IllegalStateException("Unexpected value: " +
authenticationType);
}
beanFactory.autowireBean(authenticator);
return authenticator;
}
+ @Bean
+ public AbstractLoginCredentials loginCredentials() {
+ setAuthenticationType(type);
+ AbstractLoginCredentials credentials;
+ switch (authenticationType) {
+ case PASSWORD:
+ credentials = new PasswordLoginCredentials();
+ break;
+ case LDAP:
+ credentials = new LdapLoginCredentials();
+ break;
+ case OAUTH2:
+ credentials = new OAuth2LoginCredentials();
+ break;
+ default:
+ throw new IllegalStateException("Unexpected value: " +
authenticationType);
+ }
+ beanFactory.autowireBean(credentials);
+ return credentials;
+ }
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception
{
+ http.csrf().disable().authorizeRequests()
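Review bot: The `switch` in `loginCredentials()` is a second copy of the dispatch on `authenticationType` that `authenticator()` performs directly above it, so an `AuthenticationType` added to one switch but not the other is only caught at context startup by the `IllegalStateException` in the `default` branch rather than by the compiler. The new method also calls `setAuthenticationType(type)` itself, which presumably means the configured type is re-resolved for every bean that needs it; resolving it once and keeping the enum-to-implementation mapping in a single private helper consulted by both `@Bean` methods would remove the duplication. At minimum the new method deserves a comment such as `// Keep the cases in step with authenticator(): both beans dispatch on the same configured AuthenticationType.`. `filterChain(HttpSecurity)` begins on the last lines of the hunk and its body continues outside it, so the rest of its configuration cannot be reviewed here.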
Review Comment:
## Disabled Spring CSRF protection
CSRF vulnerability due to protection being disabled.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/2229)