From 162ee60efb208304e5edc8415a5b205c1831c1ca Mon Sep 17 00:00:00 2001 From: cammorris Date: Tue, 3 May 2022 14:08:49 -0600 Subject: [PATCH] make favicon public Even though the resource doesn't exist, chrome (and probably other browsers) will request the favicon after requesting the "second-factor" page. Requests for the favicon prevented proceeding past the second-factor page and never hitting the POST to "second-factor". Instead, the sample prompts for the username, again. Exposing favicon (even though it doesn't exist) resolves the issue. --- .../mfa/src/main/java/example/SecurityConfig.java | 1 + 1 file changed, 1 insertion(+) diff --git a/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java b/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java index f7f2509..2317b1c 100644 --- a/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java +++ b/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java @@ -47,6 +47,7 @@ public class SecurityConfig { // @formatter:off http .authorizeHttpRequests((authorize) -> authorize + .antMatchers("/favicon.ico").permitAll() .mvcMatchers("/second-factor", "/third-factor").access(mfaAuthorizationManager) .anyRequest().authenticated() )