aboutsummaryrefslogtreecommitdiff
path: root/juick-spring-www/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'juick-spring-www/src/main')
-rw-r--r--juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java9
1 files changed, 6 insertions, 3 deletions
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 759eba5a..551c0185 100644
--- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -1,5 +1,6 @@
package com.juick.www.configuration;
+import com.juick.entity.AnonymUser;
import com.juick.service.UserService;
import com.juick.service.security.JuickUserDetailsService;
import org.springframework.context.annotation.Bean;
@@ -37,9 +38,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("/settings", "/pm/**").authenticated()
.anyRequest().permitAll()
.and()
- .anonymous().authorities("ROLE_ANONYM")
+ .anonymous().principal(AnonymUser.INSTANCE)
.and()
- .sessionManagement().invalidSessionUrl("/").sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+ .sessionManagement().invalidSessionUrl("/")
.and()
.logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
.and()
@@ -55,8 +56,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.rememberMe()
.tokenValiditySeconds(6 * 30 * 24 * 3600)
.alwaysRemember(true)
- .useSecureCookie(true)
+ //.useSecureCookie(true) // TODO Enable if https is supports
.rememberMeCookieDomain(env.getProperty("web_domain", "juick.com"))
+ .userDetailsService(userDetailsServiceBean())
+ .key(env.getProperty("auth_remember_me_key"))
.and()
.csrf().disable();
}