🐛 gateway fix csrf property not settable (#309)

* 🐛 gateway fix csrf property not settable * 🐛 gateway SecurityProperties supress spotbugs warnings
it-at-m · Dec 5, 2024 · 8f99d19 · 8f99d19
1 parent 0500979
commit 8f99d19
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/...ateway/src/main/java/de/muenchen/refarch/gateway/configuration/CsrfProtectionMatcher.java b/...ateway/src/main/java/de/muenchen/refarch/gateway/configuration/CsrfProtectionMatcher.java
@@ -1,5 +1,6 @@
 package de.muenchen.refarch.gateway.configuration;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
@@ -24,6 +25,7 @@ public class CsrfProtectionMatcher implements ServerWebExchangeMatcher {
     private static final Set<HttpMethod> ALLOWED_METHODS = new HashSet<>(
             Arrays.asList(HttpMethod.GET, HttpMethod.HEAD, HttpMethod.TRACE, HttpMethod.OPTIONS));
 
+    @SuppressFBWarnings("EI_EXPOSE_REP2")
     private final SecurityProperties securityProperties;
 
     @Override

diff --git a/...h-gateway/src/main/java/de/muenchen/refarch/gateway/configuration/SecurityProperties.java b/...h-gateway/src/main/java/de/muenchen/refarch/gateway/configuration/SecurityProperties.java
@@ -1,16 +1,16 @@
 package de.muenchen.refarch.gateway.configuration;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.util.List;
+import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 
+@Data
 @ConfigurationProperties("refarch.security")
 public class SecurityProperties {
     /**
      * List of url patterns excluded from csrf protection.
      */
-    private final List<String> csrfWhitelisted = List.of();
-
-    public List<String> getCsrfWhitelisted() {
-        return List.copyOf(this.csrfWhitelisted);
-    }
+    @SuppressFBWarnings("EI_EXPOSE_REP")
+    private List<String> csrfWhitelisted = List.of();
 }