Cwikius-Spring/Spring-Security-Samples
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

make favicon public

Browse Source 
Even though the resource doesn't exist, chrome (and probably other browsers) will request the favicon after requesting the "second-factor" page.  Requests for the favicon prevented proceeding past the second-factor page and never hitting the POST to "second-factor".  Instead, the sample prompts for the username, again.

Exposing favicon (even though it doesn't exist) resolves the issue.
This commit is contained in:
cammorris 2022-05-03 14:08:49 -06:00
parent cbbf5bb4bb
commit 0122dda2cd
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java
View File

@ -47,6 +47,7 @@ public class SecurityConfig {
// @formatter:off // @formatter:off
http http
.authorizeHttpRequests((authorize) -> authorize .authorizeHttpRequests((authorize) -> authorize
.antMatchers("/favicon.ico").permitAll()
.mvcMatchers("/second-factor", "/third-factor").access(mfaAuthorizationManager) .mvcMatchers("/second-factor", "/third-factor").access(mfaAuthorizationManager)
.anyRequest().authenticated() .anyRequest().authenticated()
) )