SEC-2347: Polish

2014-11-21 22:31:03 -06:00 · 2014-11-21 22:31:03 -06:00 · 09f6210c73
parent 3c487c0348
commit 09f6210c73
6 changed files with 9 additions and 0 deletions
--- a/itest/context/src/integration-test/resources/http-extra-fsi-app-context.xml
+++ b/itest/context/src/integration-test/resources/http-extra-fsi-app-context.xml
@ -15,6 +15,7 @@
        <sec:intercept-url pattern="/**" access="@fsi.getAccessDecisionManager() eq @accessDecisionManager" />
        <sec:form-login />
        <sec:custom-filter ref="fsi" after="FILTER_SECURITY_INTERCEPTOR " />
+        <sec:csrf disabled="true"/>
    </sec:http>

    <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
--- a/itest/web/src/main/webapp/WEB-INF/http-security-concurrency.xml
+++ b/itest/web/src/main/webapp/WEB-INF/http-security-concurrency.xml
@ -27,6 +27,8 @@
        <session-management>
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
        </session-management>
+
+        <csrf disabled="true"/>
    </http>

 </beans:beans>
--- a/itest/web/src/main/webapp/WEB-INF/http-security-custom-concurrency.xml
+++ b/itest/web/src/main/webapp/WEB-INF/http-security-custom-concurrency.xml
@ -16,6 +16,8 @@

        <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
        <custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
+
+        <csrf disabled="true"/>
    </http>

    <beans:bean id="aep" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
--- a/itest/web/src/main/webapp/WEB-INF/http-security.xml
+++ b/itest/web/src/main/webapp/WEB-INF/http-security.xml
@ -27,6 +27,8 @@
        </session-management>

        <remember-me key="doesntmatter" token-repository-ref="tokenRepo"/>
+
+        <csrf disabled="true"/>
    </http>

    <beans:bean name="tokenRepo" class="org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl"/>
--- a/samples/cas/sample-xml/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/samples/cas/sample-xml/src/main/webapp/WEB-INF/applicationContext-security.xml
@ -24,6 +24,7 @@
        <custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
        <custom-filter ref="casFilter" position="CAS_FILTER" />
        <logout logout-success-url="/cas-logout.jsp"/>
+        <csrf disabled="true"/>
    </http>

    <authentication-manager alias="authManager">
--- a/samples/cas/sample-xml/src/main/webapp/secure/extreme/index.jsp
+++ b/samples/cas/sample-xml/src/main/webapp/secure/extreme/index.jsp
@ -7,5 +7,6 @@ This is a protected page. You can only see me if you are a supervisor.
 <p><a href="../../secure/index.jsp">Secure page</a></p>
 <p><a href="../../secure/ptSample">Proxy Ticket Sample page</a></p>
 <p><a href="../../j_spring_security_logout">Logout</a>
+<
 </body>
 </html>