feat(authentication): 开启csrf

conifercone · conifercone · commit 65fd37d8c243 · 2024-04-24T18:54:04.000+08:00
diff --git a/centaur-authentication/src/main/java/com/sky/centaur/authentication/configuration/DefaultSecurityConfig.java b/centaur-authentication/src/main/java/com/sky/centaur/authentication/configuration/DefaultSecurityConfig.java
@@ -27,7 +27,6 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.web.SecurityFilterChain;
@@ -48,7 +47,7 @@ public class DefaultSecurityConfig {
   public SecurityFilterChain defaultSecurityFilterChain(@NotNull HttpSecurity http,
       UserDetailsService userDetailsService, JwtDecoder jwtDecoder, TokenRepository tokenRepository)
       throws Exception {
-    http.csrf(AbstractHttpConfigurer::disable)
+    http.csrf(withDefaults())
         .authorizeHttpRequests((authorize) -> authorize
             .anyRequest().authenticated()
         )
