From 990ca2bf911181c3af9cd6375534553b9355b3a2 Mon Sep 17 00:00:00 2001
From: Alexander Alexeev
Date: Fri, 9 Dec 2016 22:57:52 +0700
Subject: security settings

---
 .../juick/www/configuration/WebSecurityConfig.java | 23 ++++++++++------------
 1 file changed, 10 insertions(+), 13 deletions(-)

(limited to 'juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java')

diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 95a94642..759eba5a 100644
--- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -8,6 +8,7 @@ import org.springframework.core.env.Environment;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 
 import javax.annotation.Resource;
@@ -23,10 +24,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  @Resource
  private UserService userService;
 
- protected WebSecurityConfig() {
- super(true);
- }
-
  @Bean("userDetailsService")
  @Override
  public UserDetailsService userDetailsServiceBean() throws Exception {
@@ -38,27 +35,27 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  http
  .authorizeRequests()
  .antMatchers("/settings", "/pm/**").authenticated()
- .anyRequest().authenticated()
+ .anyRequest().permitAll()
+ .and()
+ .anonymous().authorities("ROLE_ANONYM")
  .and()
- .anonymous()
- .authorities("ROLE_ANONYM")
+ .sessionManagement().invalidSessionUrl("/").sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
  .and()
- .logout()
- .invalidateHttpSession(true)
- .logoutUrl("/logout")
- .logoutSuccessUrl("/")
+ .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
  .and()
  .formLogin()
  .loginPage("/login")
  .permitAll()
  .defaultSuccessUrl("/")
- .failureForwardUrl("/login")
+ .failureForwardUrl("/login?error=1")
+ .loginProcessingUrl("/do_login")
+ .usernameParameter("j_username")
+ .passwordParameter("j_password")
  .and()
  .rememberMe()
  .tokenValiditySeconds(6 * 30 * 24 * 3600)
  .alwaysRemember(true)
  .useSecureCookie(true)
- .rememberMeCookieName(env.getProperty("auth_cookie_name", "hash"))
  .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com"))
  .and()
  .csrf().disable();
-- cgit v1.2.3
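Review bot: The new `loginProcessingUrl("/do_login")` / `usernameParameter` / `passwordParameter` lines and the rewritten `logout()` chain introduce a password-posting endpoint and a session-ending endpoint while the hunk still ends with `.csrf().disable();`, so the login form is open to login CSRF and, because Spring Security's LogoutFilter only restricts logout to POST when CSRF is enabled, any third-party link or image tag pointing at `/logout` will log the user out. At minimum the logout should be pinned to POST with `.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout", "POST"))`, and CSRF should be re-enabled by dropping `.disable()` once the login, settings and PM templates include the `_csrf` token; if it has to stay disabled, a comment on that line should say why. The `rememberMe()` block now issues an always-on six-month token but sets no `key(...)`; unless a key is configured on a remember-me bean outside this hunk, the configurer generates a random key at start-up and every remember-me cookie is invalidated on each restart, which is worth confirming. `failureForwardUrl("/login?error=1")` is a server-side forward that keeps the POST method, so the `/login` handler must accept POST or the failure path will 405. The enclosing `configure(HttpSecurity)` method begins before this hunk.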