File tree Expand file tree Collapse file tree 1 file changed +13
-0
lines changed
config/src/main/java/org/springframework/security/config/annotation/web/configuration Expand file tree Collapse file tree 1 file changed +13
-0
lines changed Original file line number Diff line number Diff line change @@ -330,6 +330,15 @@ public void init(final WebSecurity web) throws Exception {
330330 /**
331331 * Override this method to configure {@link WebSecurity}. For example, if you wish to
332332 * ignore certain requests.
333+ *
334+ * Endpoint used in this method ignores the
335+ * spring security filters, headers, csrf etc. see
336+ * {@link org.springframework.security.config.annotation.web.configurers.HeadersConfigurer} and
337+ * {@link org.springframework.security.config.annotation.web.configurers.CsrfConfigurer }
338+ *
339+ * Instead, if you want to protect public endpoints against common vulnerabilities, then see
340+ * {@link #configure(HttpSecurity)} and the {@link HttpSecurity#authorizeRequests}
341+ * configuration method.
333342 */
334343 public void configure (WebSecurity web ) throws Exception {
335344 }
@@ -343,6 +352,10 @@ public void configure(WebSecurity web) throws Exception {
343352 * http.authorizeRequests().anyRequest().authenticated().and().formLogin().and().httpBasic();
344353 * </pre>
345354 *
355+ * Public endpoints that require defense against common vulnerabilities can be specified here.
356+ * See {@link HttpSecurity#authorizeRequests} and the `permitAll()` authorization rule
357+ * for more details.
358+ *
346359 * @param http the {@link HttpSecurity} to modify
347360 * @throws Exception if an error occurs
348361 */
You can’t perform that action at this time.
0 commit comments