Cwikius-Spring
/
Spring-Security-Samples
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

make favicon public 

Even though the resource doesn't exist, chrome (and probably other browsers) will request the favicon after requesting the "second-factor" page.  Requests for the favicon prevented proceeding past the second-factor page and never hitting the POST to "second-factor".  Instead, the sample prompts for the username, again.

Exposing favicon (even though it doesn't exist) resolves the issue.
This commit is contained in:
cammorris 2022-05-03 14:08:49 -06:00 committed by Steve Riesenberg
parent bc3fc6b2e0
commit 162ee60efb
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java
View File

@ -47,6 +47,7 @@ public class SecurityConfig {
// @formatter:off // @formatter:off
http http
.authorizeHttpRequests((authorize) -> authorize .authorizeHttpRequests((authorize) -> authorize
.antMatchers("/favicon.ico").permitAll()
.mvcMatchers("/second-factor", "/third-factor").access(mfaAuthorizationManager) .mvcMatchers("/second-factor", "/third-factor").access(mfaAuthorizationManager)
.anyRequest().authenticated() .anyRequest().authenticated()
) )