diff --git a/refarch-gateway/src/main/java/de/muenchen/refarch/gateway/configuration/CsrfProtectionMatcher.java b/refarch-gateway/src/main/java/de/muenchen/refarch/gateway/configuration/CsrfProtectionMatcher.java
index 6ffe805b..cfdd2cec 100644
--- a/refarch-gateway/src/main/java/de/muenchen/refarch/gateway/configuration/CsrfProtectionMatcher.java
+++ b/refarch-gateway/src/main/java/de/muenchen/refarch/gateway/configuration/CsrfProtectionMatcher.java
@@ -1,5 +1,6 @@
 package de.muenchen.refarch.gateway.configuration;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
@@ -24,6 +25,7 @@ public class CsrfProtectionMatcher implements ServerWebExchangeMatcher {
 private static final Set ALLOWED_METHODS = new HashSet<>(
 Arrays.asList(HttpMethod.GET, HttpMethod.HEAD, HttpMethod.TRACE, HttpMethod.OPTIONS));
+ @SuppressFBWarnings("EI_EXPOSE_REP2")
 private final SecurityProperties securityProperties;
 @Override
diff --git a/refarch-gateway/src/main/java/de/muenchen/refarch/gateway/configuration/SecurityProperties.java b/refarch-gateway/src/main/java/de/muenchen/refarch/gateway/configuration/SecurityProperties.java
index 57284e3f..e261020a 100644
--- a/refarch-gateway/src/main/java/de/muenchen/refarch/gateway/configuration/SecurityProperties.java
+++ b/refarch-gateway/src/main/java/de/muenchen/refarch/gateway/configuration/SecurityProperties.java
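Review bot: The `@SuppressFBWarnings("EI_EXPOSE_REP2")` added on the `securityProperties` field in CsrfProtectionMatcher carries no justification, so a later reader cannot tell why holding a reference to an externally mutable object is acceptable in the class that decides which requests skip CSRF checks. That matters more after this commit, because the SecurityProperties hunk makes that object mutable. If the intent is that the bean is only written during property binding, say so on the annotation, e.g. `@SuppressFBWarnings(value = "EI_EXPOSE_REP2", justification = "Spring-managed configuration bean, not modified after binding")`; the same applies to the `EI_EXPOSE_REP` suppression in SecurityProperties. The class body continues outside the hunk, so how the field is read is not visible here.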
@@ -1,16 +1,16 @@
 package de.muenchen.refarch.gateway.configuration;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.util.List;
+import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
+@Data
 @ConfigurationProperties("refarch.security")
 public class SecurityProperties {
 /**
 * List of url patterns excluded from csrf protection.
 */
- private final List csrfWhitelisted = List.of();
-
- public List getCsrfWhitelisted() {
- return List.copyOf(this.csrfWhitelisted);
- }
+ @SuppressFBWarnings("EI_EXPOSE_REP")
+ private List csrfWhitelisted = List.of();
 }
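Review bot: Replacing the copying getter with Lombok `@Data` gives the CSRF exclusion list a public setter and a getter that returns the stored list itself, so any code holding this bean can replace the list, or extend it in place if the bound list is mutable, and widen the set of paths exempt from CSRF checks at runtime. The `EI_EXPOSE_REP` suppression silences exactly that finding. The setter is presumably what property binding needs, since the old `final` field had none. Keeping it but storing an unmodifiable copy preserves both binding and the old guarantee: `public void setCsrfWhitelisted(final List<String> csrfWhitelisted) { this.csrfWhitelisted = List.copyOf(csrfWhitelisted); }` (element type assumed, the page shows the generics stripped), which Lombok uses instead of generating its own setter. With that in place the suppression can be dropped or given a justification.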