diff options
author | Alexander Alexeev | 2016-12-11 01:50:52 +0700 |
---|---|---|
committer | Vitaly Takmazov | 2016-12-11 18:24:37 +0300 |
commit | a7f9acc91fa51489e8b1ac02e90b29ef497b08c1 (patch) | |
tree | affec8f40aa60451e79f719ce6f99250080d2e40 /juick-spring-www/src/main/java/com/juick/www | |
parent | ac6c86ddd482721e7011dcb727e4099b8cdf84b1 (diff) |
security anonimous and remember-me settings;
set up auth_remember_me_key=<UNIQUE_STRING_KEY> in local juick.conf file
Diffstat (limited to 'juick-spring-www/src/main/java/com/juick/www')
-rw-r--r-- | juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java index 759eba5a..551c0185 100644 --- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java +++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java @@ -1,5 +1,6 @@ package com.juick.www.configuration; +import com.juick.entity.AnonymUser; import com.juick.service.UserService; import com.juick.service.security.JuickUserDetailsService; import org.springframework.context.annotation.Bean; @@ -37,9 +38,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { .antMatchers("/settings", "/pm/**").authenticated() .anyRequest().permitAll() .and() - .anonymous().authorities("ROLE_ANONYM") + .anonymous().principal(AnonymUser.INSTANCE) .and() - .sessionManagement().invalidSessionUrl("/").sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) + .sessionManagement().invalidSessionUrl("/") .and() .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/") .and() @@ -55,8 +56,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { .rememberMe() .tokenValiditySeconds(6 * 30 * 24 * 3600) .alwaysRemember(true) - .useSecureCookie(true) + //.useSecureCookie(true) // TODO Enable if https is supports .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com")) + .userDetailsService(userDetailsServiceBean()) + .key(env.getProperty("auth_remember_me_key")) .and() .csrf().disable(); } |