aboutsummaryrefslogtreecommitdiff
path: root/juick-spring-www/src/main/java/com/juick/www/configuration
diff options
context:
space:
mode:
authorGravatar Alexander Alexeev2016-12-09 22:57:52 +0700
committerGravatar Alexander Alexeev2016-12-09 22:57:52 +0700
commit990ca2bf911181c3af9cd6375534553b9355b3a2 (patch)
tree4f1865a341d29d00366aa958e14b9b3216125776 /juick-spring-www/src/main/java/com/juick/www/configuration
parente2a018e998e125ee2ec983962059c4d2b733a4b4 (diff)
security settings
Diffstat (limited to 'juick-spring-www/src/main/java/com/juick/www/configuration')
-rw-r--r--juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java1
-rw-r--r--juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java23
-rw-r--r--juick-spring-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java20
3 files changed, 31 insertions, 13 deletions
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java
index eaed8ebd..c9ecfeac 100644
--- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java
@@ -35,6 +35,7 @@ public class WebAppConfiguration {
public TemplateSettingsHolder settingsHolder() {
return new TemplateSettingsHolder(env);
}
+
@Bean
public WebApp webApp() {
return new WebApp(env);
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 95a94642..759eba5a 100644
--- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -8,6 +8,7 @@ import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import javax.annotation.Resource;
@@ -23,10 +24,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Resource
private UserService userService;
- protected WebSecurityConfig() {
- super(true);
- }
-
@Bean("userDetailsService")
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {
@@ -38,27 +35,27 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
http
.authorizeRequests()
.antMatchers("/settings", "/pm/**").authenticated()
- .anyRequest().authenticated()
+ .anyRequest().permitAll()
+ .and()
+ .anonymous().authorities("ROLE_ANONYM")
.and()
- .anonymous()
- .authorities("ROLE_ANONYM")
+ .sessionManagement().invalidSessionUrl("/").sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
- .logout()
- .invalidateHttpSession(true)
- .logoutUrl("/logout")
- .logoutSuccessUrl("/")
+ .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.defaultSuccessUrl("/")
- .failureForwardUrl("/login")
+ .failureForwardUrl("/login?error=1")
+ .loginProcessingUrl("/do_login")
+ .usernameParameter("j_username")
+ .passwordParameter("j_password")
.and()
.rememberMe()
.tokenValiditySeconds(6 * 30 * 24 * 3600)
.alwaysRemember(true)
.useSecureCookie(true)
- .rememberMeCookieName(env.getProperty("auth_cookie_name", "hash"))
.rememberMeCookieDomain(env.getProperty("web_domain", "juick.com"))
.and()
.csrf().disable();
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
new file mode 100644
index 00000000..0ea8c907
--- /dev/null
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
@@ -0,0 +1,20 @@
+package com.juick.www.configuration;
+
+/**
+ * Created by vitalyster on 25.11.2016.
+ */
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+
+import javax.servlet.ServletContext;
+
+public class WwwSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
+ private final Logger logger = LoggerFactory.getLogger(getClass());
+
+ @Override
+ protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
+ logger.info("SpringSecurityFilterChain initialized");
+ }
+}