X-Git-Url: https://juplo.de/gitweb/?p=examples%2Ffacebook-app;a=blobdiff_plain;f=src%2Fmain%2Fjava%2Fde%2Fjuplo%2Fyourshouter%2FWebSecurityConfig.java;fp=src%2Fmain%2Fjava%2Fde%2Fjuplo%2Fyourshouter%2FWebSecurityConfig.java;h=738485e94fafc0631219a12b4d520862dbb47a51;hp=0000000000000000000000000000000000000000;hb=8f6d3c83aa9651e593b57b3d47cfd50a4ae73661;hpb=ca351a3eb7442fbb183aa62e1a58cd85bc1f2ef7
diff --git a/src/main/java/de/juplo/yourshouter/WebSecurityConfig.java b/src/main/java/de/juplo/yourshouter/WebSecurityConfig.java
new file mode 100644
index 0000000..738485e
--- /dev/null
+++ b/src/main/java/de/juplo/yourshouter/WebSecurityConfig.java
@@ -0,0 +1,89 @@
+package de.juplo.yourshouter;
+
+import javax.inject.Inject;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
+
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter
+{
+ @Inject
+ AuthenticationEntryPoint authenticationEntryPoint;
+
+ /**
+ * We have to disable the default-configuration, because some of it does
+ * not work along with the canvas-page:
+ *
X-Frame-Options: DENY
is
+ * set for every response. This prevents the browser from showing our
+ * response inside Facebook, becaus that is an iFrame and the header
+ * forbidds to display our content in a frame.
+ *