Diffstat (limited to 'juick-spring-www/src/main')
-rw-r--r-- | juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 759eba5ac..551c0185b 100644
--- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -1,5 +1,6 @@
 package com.juick.www.configuration;

+import com.juick.entity.AnonymUser;
 import com.juick.service.UserService;
 import com.juick.service.security.JuickUserDetailsService;
 import org.springframework.context.annotation.Bean;
@@ -37,9 +38,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 .antMatchers("/settings", "/pm/**").authenticated()
 .anyRequest().permitAll()
 .and()
- .anonymous().authorities("ROLE_ANONYM")
+ .anonymous().principal(AnonymUser.INSTANCE)
 .and()
- .sessionManagement().invalidSessionUrl("/").sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+ .sessionManagement().invalidSessionUrl("/")
 .and()
 .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
 .and()
@@ -55,8 +56,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 .rememberMe()
 .tokenValiditySeconds(6 * 30 * 24 * 3600)
 .alwaysRemember(true)
- .useSecureCookie(true)
+ //.useSecureCookie(true) // TODO Enable if https is supports
 .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com"))
+ .userDetailsService(userDetailsServiceBean())
+ .key(env.getProperty("auth_remember_me_key"))
 .and()
 .csrf().disable();
 } |
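Review bot: In the `@@ -37,9 +38,9 @@` hunk, dropping `.authorities("ROLE_ANONYM")` means anonymous requests now carry the framework default authority (`ROLE_ANONYMOUS`), so any access rule or template check still keyed to `ROLE_ANONYM` would stop matching without an error. None of those call sites are visible in this hunk, so they need a search before merging. `AnonymUser.INSTANCE` is also shared by every unauthenticated request, and its class is not shown; if it has setters, one request could change what all others see. A short comment on the line such as `// shared immutable principal; authority falls back to ROLE_ANONYMOUS` would record both assumptions.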
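Review bot: Commenting out `.useSecureCookie(true)` in the `@@ -55,8 +56,10 @@` hunk leaves the remember-me cookie without a forced Secure flag, although it is issued on every login (`alwaysRemember(true)`) and stays valid for about six months, so over plain HTTP it is a long-lived login credential readable by anyone on the network path. With the setter unset, Spring Security derives the flag from `request.isSecure()`, which is usually false behind a TLS-terminating proxy, so the flag should be driven by configuration rather than a TODO, for example `.useSecureCookie(env.getProperty("<secure-cookie-property>", Boolean.class, true))` (property name is a placeholder). The added `.key(env.getProperty("auth_remember_me_key"))` passes `null` when the property is missing, and the configurer then appears to fall back to a generated key, which would silently invalidate tokens on restart or across instances. `.key(env.getRequiredProperty("auth_remember_me_key"))` fails at startup instead. The key signs the token, so it belongs outside version control; the `configure` body starts before this hunk.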