sonarlint: avoid field injection in web security config

kit-data-manager · Nov 10, 2023 · 8759250 · 8759250
1 parent ca5aae6
commit 8759250
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/src/main/java/edu/kit/datamanager/pit/configuration/WebSecurityConfig.java b/src/main/java/edu/kit/datamanager/pit/configuration/WebSecurityConfig.java
@@ -51,17 +51,23 @@
 @EnableMethodSecurity(prePostEnabled = true)
 public class WebSecurityConfig {
 
-  @Autowired
-  private KeycloakJwtProperties properties;
+  private final KeycloakJwtProperties properties;
 
-  @Autowired
-  private ApplicationProperties config;
+  private final ApplicationProperties config;
 
   @Value("${pit.security.enable-csrf:true}")
   private boolean enableCsrf;
   @Value("${pit.security.allowedOriginPattern:http*://localhost:[*]}")
   private String allowedOriginPattern;
 
+  public WebSecurityConfig(
+    @Autowired KeycloakJwtProperties properties,
+    @Autowired ApplicationProperties config
+  ) {
+    this.properties = properties;
+    this.config = config;
+  }
+
   @Bean
   protected SecurityFilterChain filterChain(HttpSecurity http, Logger logger) throws Exception {
     http