minor, move csrf conf to right place
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/1e386948 Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/1e386948 Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/1e386948 Branch: refs/heads/master Commit: 1e386948ad7381c86891233193a95837b3a47c8b Parents: 7661ad7 Author: Roger Shi <[email protected]> Authored: Tue Jun 20 21:10:13 2017 +0800 Committer: Dong Li <[email protected]> Committed: Tue Jun 20 21:16:21 2017 +0800 ---------------------------------------------------------------------- server/src/main/resources/kylinSecurity.xml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kylin/blob/1e386948/server/src/main/resources/kylinSecurity.xml ---------------------------------------------------------------------- diff --git a/server/src/main/resources/kylinSecurity.xml b/server/src/main/resources/kylinSecurity.xml index 506b2f1..039bded 100644 --- a/server/src/main/resources/kylinSecurity.xml +++ b/server/src/main/resources/kylinSecurity.xml @@ -29,7 +29,6 @@ <scr:expression-handler ref="expressionHandler"/> </scr:global-method-security> - <scr:csrf disabled="true"/> <!-- acl config --> <bean id="aclPermissionFactory" class="org.apache.kylin.rest.security.AclPermissionFactory"/> @@ -229,6 +228,7 @@ <beans profile="testing,ldap"> <scr:http auto-config="true" use-expressions="true"> + <scr:csrf disabled="true"/> <scr:http-basic entry-point-ref="unauthorisedEntryPoint"/> <scr:intercept-url pattern="/api/user/authentication*/**" access="permitAll"/> 
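Review bot: The added `<scr:csrf disabled="true"/>` in the `testing,ldap` chain (hunk at -229) turns CSRF protection off for every URL that chain serves, and nothing in the file records why; the `/api/**` hunk at -270 adds the same line. With `auto-config="true"` and `http-basic`, a browser that holds a session or cached basic credentials attaches them to cross-site requests, so state-changing calls would carry no anti-forgery check. If the top-level element removed at -29 was not taking effect (this diff does not show whether it was), this commit is where behaviour actually changes, which is more than "minor". I would add a comment above each occurrence, for example `<!-- CSRF disabled: REST clients authenticate per request with basic auth; do not serve cookie-authenticated browser traffic from this chain -->`, or keep CSRF enabled if that statement would not be true. The `<scr:http>` element continues past the end of the hunk.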
@@ -270,6 +270,7 @@ <!-- Secured Rest API urls with LDAP basic authentication --> <scr:http pattern="/api/**" use-expressions="true" authentication-manager-ref="apiAccessAuthenticationManager"> + <scr:csrf disabled="true"/> <scr:http-basic entry-point-ref="unauthorisedEntryPoint"/> <scr:intercept-url pattern="/api/user/authentication*/**" access="permitAll"/> @@ -294,6 +295,7 @@ <!-- Secured non-api urls with SAML SSO --> <scr:http auto-config="true" entry-point-ref="samlEntryPoint" use-expressions="false" authentication-manager-ref="webAccessAuthenticationManager"> + <scr:csrf disabled="true"/> <scr:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/> <scr:custom-filter before="FIRST" ref="metadataGeneratorFilter"/> <scr:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
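Review bot: In the SAML SSO chain (hunk at -294) the disable covers all `/**` traffic that is authenticated through a browser session, which is where a forged cross-site request does the most damage. If the reason is that the identity provider's POST to the SAML endpoints would be rejected by the CSRF filter (my assumption; the commit does not say), exempt only those endpoints rather than the whole chain: `<scr:csrf request-matcher-ref="csrfProtectedMatcher"/>`, where `csrfProtectedMatcher` is a placeholder name for a `RequestMatcher` bean that matches everything except the SAML endpoints. The `<scr:http>` element is cut off by the hunk, so I cannot see whether anything later in the chain compensates.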
