Package com.atlassian.jira.security
Class SpringSecurityConfiguration
java.lang.Object
com.atlassian.jira.security.SpringSecurityConfiguration
Constructor Summary
Constructors
Method Summary
Modifier and Type: org.springframework.security.web.SecurityFilterChain
Method: springFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
Description: Configures the Spring Security filter chain.
Constructor Details
SpringSecurityConfiguration
public SpringSecurityConfiguration()
Method Details
springFilterChain
@Bean
public org.springframework.security.web.SecurityFilterChain springFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception

Configures the Spring Security filter chain.

The following default filters are DISABLED by this configuration:
- CsrfFilter: disables CSRF protection
- LogoutFilter: disables logout functionality
- HeaderWriterFilter: disables default security HTTP headers (like X-Frame-Options, X-XSS-Protection, etc.)
- AnonymousAuthenticationFilter: disables anonymous authentication
- SessionManagementFilter: disables session management (no session fixation protection, etc.)

All other default filters (such as SecurityContextHolderFilter, ExceptionTranslationFilter, AuthorizationFilter, etc.) remain enabled unless explicitly configured otherwise.

Reference filter chain with all defaults enabled:
- DisableEncodeUrlFilter
- WebAsyncManagerIntegrationFilter
- SecurityContextHolderFilter
- HeaderWriterFilter
- CsrfFilter
- LogoutFilter
- RequestCacheAwareFilter
- SecurityContextHolderAwareRequestFilter
- AnonymousAuthenticationFilter
- SessionManagementFilter
- ExceptionTranslationFilter
- AuthorizationFilter

Besides the filters, the configuration also adds StrictHttpFirewall.

See: https://docs.spring.io/spring-security/reference/servlet/architecture.html#servlet-security-filters
See: https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html

Throws:
Exception
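One way to check a running chain against the reference list above, so that a disabled filter is a visible, reviewed decision rather than a silent one. This is an added example, not Jira's or Atlassian's code: the class FilterChainAudit and its missing() method are hypothetical names, the chain built in main() is a constructed stand-in, and Spring Security 6 on the classpath is assumed.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.access.intercept.AuthorizationFilter;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextHolderFilter;
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
import org.springframework.security.web.session.DisableEncodeUrlFilter;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;

// Hypothetical audit helper (added example, not part of the documented class).
public class FilterChainAudit {
    // Reference chain with all defaults enabled, in the documented order.
    static final List<String> REFERENCE = List.of(
        "DisableEncodeUrlFilter", "WebAsyncManagerIntegrationFilter",
        "SecurityContextHolderFilter", "HeaderWriterFilter", "CsrfFilter",
        "LogoutFilter", "RequestCacheAwareFilter",
        "SecurityContextHolderAwareRequestFilter", "AnonymousAuthenticationFilter",
        "SessionManagementFilter", "ExceptionTranslationFilter", "AuthorizationFilter");

    // Returns the reference filters that are absent from the given chain.
    static List<String> missing(SecurityFilterChain chain) {
        Set<String> present = chain.getFilters().stream()
            .map(f -> f.getClass().getSimpleName()).collect(Collectors.toSet());
        return REFERENCE.stream().filter(name -> !present.contains(name)).toList();
    }

    public static void main(String[] args) {
        // Constructed chain holding only the filters documented as remaining enabled.
        SecurityFilterChain chain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE,
            new DisableEncodeUrlFilter(), new WebAsyncManagerIntegrationFilter(),
            new SecurityContextHolderFilter(new RequestAttributeSecurityContextRepository()),
            new RequestCacheAwareFilter(), new SecurityContextHolderAwareRequestFilter(),
            new ExceptionTranslationFilter(new Http403ForbiddenEntryPoint()),
            new AuthorizationFilter(AuthenticatedAuthorizationManager.authenticated()));
        System.out.println("Absent default filters: " + missing(chain));
    }
}
```

In an application, pass the injected SecurityFilterChain bean to missing() in a startup check or integration test and compare the result with the five filters this configuration is documented to disable; any other entry means a protection was dropped that the documentation does not account for.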