diff options
Diffstat (limited to 'juick-www/src/main/java/com/juick')
-rw-r--r-- | juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java index 3c674d0c..d3aa9e81 100644 --- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java +++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java @@ -8,12 +8,13 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.web.authentication.RememberMeServices; +import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import javax.annotation.Resource; @@ -66,11 +67,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { .failureUrl("/login?error=1") .and() .rememberMe() - .tokenValiditySeconds(6 * 30 * 24 * 3600) - .alwaysRemember(true) - //.useSecureCookie(true) // TODO Enable if https is supports .rememberMeCookieDomain(webDomain).key(rememberMeKey) - .userDetailsService(userDetailsServiceBean()) + .rememberMeServices(rememberMeServices()) .and() .csrf().disable() .authenticationProvider(authenticationProvider()) @@ -87,8 +85,22 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { } @Bean - public HashParamAuthenticationFilter hashParamAuthenticationFilter() { - return new HashParamAuthenticationFilter(userService); + public HashParamAuthenticationFilter hashParamAuthenticationFilter() throws Exception { + return new HashParamAuthenticationFilter(userService, rememberMeServices()); + } + + @Bean + public RememberMeServices rememberMeServices() throws Exception { + TokenBasedRememberMeServices services = new TokenBasedRememberMeServices( + rememberMeKey, userDetailsServiceBean()); + + services.setCookieName("juick-remember-me"); + services.setCookieDomain(webDomain); + services.setAlwaysRemember(true); + services.setTokenValiditySeconds(6 * 30 * 24 * 3600); + services.setUseSecureCookie(false); // TODO set true if https is supports + + return services; } @Override |