package com.xforceplus.delivery.cloud.sba.customizer;

import com.xforceplus.delivery.cloud.security.customizer.CsrfCustomizer;
import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/xforceplus/delivery/cloud/sba/customizer/SBAdminCsrfCustomizer.class */
public class SBAdminCsrfCustomizer extends CsrfCustomizer {

    @Autowired
    private AdminServerProperties adminServer;

    protected void customize(CsrfConfigurer<HttpSecurity> csrfConfigurer) {
        csrfConfigurer.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).ignoringRequestMatchers(new RequestMatcher[]{new AntPathRequestMatcher(this.adminServer.path("/instances"), HttpMethod.POST.toString()), new AntPathRequestMatcher(this.adminServer.path("/instances/*"), HttpMethod.DELETE.toString()), new AntPathRequestMatcher(this.adminServer.path("/actuator/**"))}).disable();
    }
}
