aboutsummaryrefslogtreecommitdiff
path: root/juick-spring-www/src/main
diff options
context:
space:
mode:
authorGravatar Alexander Alexeev2016-12-11 01:50:52 +0700
committerGravatar Vitaly Takmazov2016-12-11 18:24:37 +0300
commita7f9acc91fa51489e8b1ac02e90b29ef497b08c1 (patch)
treeaffec8f40aa60451e79f719ce6f99250080d2e40 /juick-spring-www/src/main
parentac6c86ddd482721e7011dcb727e4099b8cdf84b1 (diff)
security anonimous and remember-me settings;
set up auth_remember_me_key=<UNIQUE_STRING_KEY> in local juick.conf file
Diffstat (limited to 'juick-spring-www/src/main')
-rw-r--r--juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java9
1 files changed, 6 insertions, 3 deletions
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 759eba5a..551c0185 100644
--- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -1,5 +1,6 @@
package com.juick.www.configuration;
+import com.juick.entity.AnonymUser;
import com.juick.service.UserService;
import com.juick.service.security.JuickUserDetailsService;
import org.springframework.context.annotation.Bean;
@@ -37,9 +38,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("/settings", "/pm/**").authenticated()
.anyRequest().permitAll()
.and()
- .anonymous().authorities("ROLE_ANONYM")
+ .anonymous().principal(AnonymUser.INSTANCE)
.and()
- .sessionManagement().invalidSessionUrl("/").sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+ .sessionManagement().invalidSessionUrl("/")
.and()
.logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
.and()
@@ -55,8 +56,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.rememberMe()
.tokenValiditySeconds(6 * 30 * 24 * 3600)
.alwaysRemember(true)
- .useSecureCookie(true)
+ //.useSecureCookie(true) // TODO Enable if https is supports
.rememberMeCookieDomain(env.getProperty("web_domain", "juick.com"))
+ .userDetailsService(userDetailsServiceBean())
+ .key(env.getProperty("auth_remember_me_key"))
.and()
.csrf().disable();
}