Diffstat (limited to 'juick-spring-www/src/main/java/com/juick/www/configuration')
-rw-r--r--juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java1
-rw-r--r--juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java23
-rw-r--r--juick-spring-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java20
3 files changed, 31 insertions, 13 deletions
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java
index eaed8ebd..c9ecfeac 100644
--- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java
@@ -35,6 +35,7 @@ public class WebAppConfiguration {
public TemplateSettingsHolder settingsHolder() {
return new TemplateSettingsHolder(env);
}
+
@Bean
public WebApp webApp() {
return new WebApp(env);
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 95a94642..759eba5a 100644
--- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -8,6 +8,7 @@ import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import javax.annotation.Resource;
@@ -23,10 +24,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Resource
private UserService userService;
- protected WebSecurityConfig() {
- super(true);
- }
-
@Bean("userDetailsService")
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {
@@ -38,27 +35,27 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
http
.authorizeRequests()
.antMatchers("/settings", "/pm/**").authenticated()
- .anyRequest().authenticated()
+ .anyRequest().permitAll()
+ .and()
+ .anonymous().authorities("ROLE_ANONYM")
.and()
- .anonymous()
- .authorities("ROLE_ANONYM")
+ .sessionManagement().invalidSessionUrl("/").sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
- .logout()
- .invalidateHttpSession(true)
- .logoutUrl("/logout")
- .logoutSuccessUrl("/")
+ .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.defaultSuccessUrl("/")
- .failureForwardUrl("/login")
+ .failureForwardUrl("/login?error=1")
+ .loginProcessingUrl("/do_login")
+ .usernameParameter("j_username")
+ .passwordParameter("j_password")
.and()
.rememberMe()
.tokenValiditySeconds(6 * 30 * 24 * 3600)
.alwaysRemember(true)
.useSecureCookie(true)
- .rememberMeCookieName(env.getProperty("auth_cookie_name", "hash"))
.rememberMeCookieDomain(env.getProperty("web_domain", "juick.com"))
.and()
.csrf().disable();
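Review bot: `.csrf().disable()` at the end of the chain stays in place while this hunk wires up form login on `/do_login`, session management and an always-on remember-me cookie valid for roughly six months, so requests to `/settings` and `/pm/**` (presumably state-changing) are authenticated by cookie alone with no CSRF token; with CSRF off, Spring Security also handles `/logout` for any HTTP method. I would drop the `.csrf().disable()` line (the login and settings forms, not visible here, would then need to render the `_csrf` token) or narrow it with `.csrf().ignoringAntMatchers(...)` to the endpoints that are genuinely stateless. Separately, `.anyRequest().permitAll()` makes the two ant patterns the only URL-level gate, so a comment such as `// default-open: every new authenticated route must be added to the antMatchers above` would help the next maintainer. The enclosing `configure` method starts and ends outside the hunk.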
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
new file mode 100644
index 00000000..0ea8c907
--- /dev/null
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
@@ -0,0 +1,20 @@
+package com.juick.www.configuration;
+
+/**
+ * Created by vitalyster on 25.11.2016.
+ */
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+
+import javax.servlet.ServletContext;
+
+public class WwwSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
+ private final Logger logger = LoggerFactory.getLogger(getClass());
+
+ @Override
+ protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
+ logger.info("SpringSecurityFilterChain initialized");
+ }
+}
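Review bot: The `/** Created by … */` block sits between the `package` line and the imports, so it is not attached to `WwwSecurityInitializer`, and the class itself carries no explanation of why it exists. A class comment directly above the declaration, e.g. `/** Registers the springSecurityFilterChain filter with the servlet container so the rules in WebSecurityConfig take effect. */`, would make its security role clear. The log call runs from `afterSpringSecurityFilterChain`, i.e. once the filter has been registered, so `"springSecurityFilterChain registered"` would describe the event more accurately than "initialized"; the logger can also be `private static final`.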