AADSecurityConfigWithIstioEnabled performs authentication with istio enabled
There is no difference in behavior when azure.istio.auth.enabled
is true
or false
.
Both, AADSecurityConfig
and AADSecurityConfigWithIstioEnabled.java
performs same function.
http
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
.and()
.authorizeRequests()
.antMatchers("/", "/index.html",
"/v2/api-docs",
"/configuration/ui",
"/swagger-resources/**",
"/configuration/security",
"/swagger",
"/swagger-ui.html",
"/webjars/**").permitAll()
.anyRequest().authenticated()
.and()
.addFilterBefore(appRoleAuthFilter, UsernamePasswordAuthenticationFilter.class);
Vs
http.httpBasic().disable()
.csrf().disable();