security anonimous and remember-me settings;

set up auth_remember_me_key=<UNIQUE_STRING_KEY> in local juick.conf file
author: Alexander Alexeev 2016-12-11 01:50:52 +0700
committer: Vitaly Takmazov 2016-12-11 18:24:37 +0300
commit: a7f9acc91fa51489e8b1ac02e90b29ef497b08c1 (patch)
tree: affec8f40aa60451e79f719ce6f99250080d2e40
parent: ac6c86ddd482721e7011dcb727e4099b8cdf84b1 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 759eba5a..551c0185 100644
--- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -1,5 +1,6 @@
 package com.juick.www.configuration;
 
+import com.juick.entity.AnonymUser;
 import com.juick.service.UserService;
 import com.juick.service.security.JuickUserDetailsService;
 import org.springframework.context.annotation.Bean;
@@ -37,9 +38,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                 .antMatchers("/settings", "/pm/**").authenticated()
                 .anyRequest().permitAll()
                 .and()
-                .anonymous().authorities("ROLE_ANONYM")
+                .anonymous().principal(AnonymUser.INSTANCE)
                 .and()
-                .sessionManagement().invalidSessionUrl("/").sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+                .sessionManagement().invalidSessionUrl("/")
                 .and()
                 .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
                 .and()
@@ -55,8 +56,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                 .rememberMe()
                 .tokenValiditySeconds(6 * 30 * 24 * 3600)
                 .alwaysRemember(true)
-                .useSecureCookie(true)
+                //.useSecureCookie(true) // TODO Enable if https is supports
                 .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com"))
+                .userDetailsService(userDetailsServiceBean())
+                .key(env.getProperty("auth_remember_me_key"))
                 .and()
                 .csrf().disable();
     }
author	Alexander Alexeev	2016-12-11 01:50:52 +0700
committer	Vitaly Takmazov	2016-12-11 18:24:37 +0300
commit	a7f9acc91fa51489e8b1ac02e90b29ef497b08c1 (patch)
tree	affec8f40aa60451e79f719ce6f99250080d2e40
parent	ac6c86ddd482721e7011dcb727e4099b8cdf84b1 (diff)