Skip to content
GitLab
Closed
Issue created by Abhishek Kumar (SLB)@akumar290Maintainer

AADSecurityConfigWithIstioEnabled performs authentication with istio enabled

There is no difference in behavior when azure.istio.auth.enabled is true or false. Both, AADSecurityConfig and AADSecurityConfigWithIstioEnabled.java performs same function.

http
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
            .and()
            .authorizeRequests()
                .antMatchers("/", "/index.html",
                        "/v2/api-docs",
                        "/configuration/ui",
                        "/swagger-resources/**",
                        "/configuration/security",
                        "/swagger",
                        "/swagger-ui.html",
                        "/webjars/**").permitAll()
                .anyRequest().authenticated()
            .and()
            .addFilterBefore(appRoleAuthFilter, UsernamePasswordAuthenticationFilter.class);

Vs

http.httpBasic().disable()
                .csrf().disable();