authorGravatar Alexander Alexeev2016-12-09 22:57:52 +0700
committerGravatar Alexander Alexeev2016-12-09 22:57:52 +0700
commit990ca2bf911181c3af9cd6375534553b9355b3a2 (patch)
tree4f1865a341d29d00366aa958e14b9b3216125776 /juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
parente2a018e998e125ee2ec983962059c4d2b733a4b4 (diff)
security settings
Diffstat (limited to 'juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java')
-rw-r--r--juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java23
1 files changed, 10 insertions, 13 deletions
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 95a94642..759eba5a 100644
--- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -8,6 +8,7 @@ import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import javax.annotation.Resource;
@@ -23,10 +24,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Resource
private UserService userService;
- protected WebSecurityConfig() {
- super(true);
- }
-
@Bean("userDetailsService")
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {
@@ -38,27 +35,27 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
http
.authorizeRequests()
.antMatchers("/settings", "/pm/**").authenticated()
- .anyRequest().authenticated()
+ .anyRequest().permitAll()
+ .and()
+ .anonymous().authorities("ROLE_ANONYM")
.and()
- .anonymous()
- .authorities("ROLE_ANONYM")
+ .sessionManagement().invalidSessionUrl("/").sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
- .logout()
- .invalidateHttpSession(true)
- .logoutUrl("/logout")
- .logoutSuccessUrl("/")
+ .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.defaultSuccessUrl("/")
- .failureForwardUrl("/login")
+ .failureForwardUrl("/login?error=1")
+ .loginProcessingUrl("/do_login")
+ .usernameParameter("j_username")
+ .passwordParameter("j_password")
.and()
.rememberMe()
.tokenValiditySeconds(6 * 30 * 24 * 3600)
.alwaysRemember(true)
.useSecureCookie(true)
- .rememberMeCookieName(env.getProperty("auth_cookie_name", "hash"))
.rememberMeCookieDomain(env.getProperty("web_domain", "juick.com"))
.and()
.csrf().disable();
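Review bot: `.anyRequest().permitAll()` turns this chain into default-allow, so only `/settings` and `/pm/**` are gated here and every other handler, including any that changes state, has to check the user itself; a handler added later is public unless someone remembers to list it. Together with the unchanged `.csrf().disable()` at the end of the chain and cookie-based login with `alwaysRemember(true)`, browser requests to those handlers carry the session or remember-me cookie with no CSRF token check. I would keep `.anyRequest().authenticated()` as the last matcher and list the public paths in an explicit `.antMatchers(...).permitAll()` line above it; if default-allow is intended, say so in a comment such as `// default-allow: handlers outside /settings and /pm/** enforce auth themselves` and drop `.csrf().disable()` so the form endpoints get token checks. The enclosing method starts above this hunk, so anything configured outside the visible lines is not covered by this note.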