From 990ca2bf911181c3af9cd6375534553b9355b3a2 Mon Sep 17 00:00:00 2001
From: Alexander Alexeev
Date: Fri, 9 Dec 2016 22:57:52 +0700
Subject: security settings
---
 .../www/configuration/WebAppConfiguration.java | 1 +
 .../juick/www/configuration/WebSecurityConfig.java | 23 ++++++++++------------
 .../www/configuration/WwwSecurityInitializer.java | 20 +++++++++++++++++++
 3 files changed, 31 insertions(+), 13 deletions(-)
 create mode 100644 juick-spring-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
(limited to 'juick-spring-www/src/main/java/com/juick/www/configuration')
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java
index eaed8ebd..c9ecfeac 100644
--- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebAppConfiguration.java
@@ -35,6 +35,7 @@ public class WebAppConfiguration {
 public TemplateSettingsHolder settingsHolder() {
 return new TemplateSettingsHolder(env);
 }
+
 @Bean
 public WebApp webApp() {
 return new WebApp(env);
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 95a94642..759eba5a 100644
--- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -8,6 +8,7 @@ import org.springframework.core.env.Environment;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import javax.annotation.Resource;
@@ -23,10 +24,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 @Resource
 private UserService userService;
- protected WebSecurityConfig() {
- super(true);
- }
-
 @Bean("userDetailsService")
 @Override
 public UserDetailsService userDetailsServiceBean() throws Exception {
@@ -38,27 +35,27 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 http
 .authorizeRequests()
 .antMatchers("/settings", "/pm/**").authenticated()
- .anyRequest().authenticated()
+ .anyRequest().permitAll()
+ .and()
+ .anonymous().authorities("ROLE_ANONYM")
 .and()
- .anonymous()
- .authorities("ROLE_ANONYM")
+ .sessionManagement().invalidSessionUrl("/").sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
 .and()
- .logout()
- .invalidateHttpSession(true)
- .logoutUrl("/logout")
- .logoutSuccessUrl("/")
+ .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
 .and()
 .formLogin()
 .loginPage("/login")
 .permitAll()
 .defaultSuccessUrl("/")
- .failureForwardUrl("/login")
+ .failureForwardUrl("/login?error=1")
+ .loginProcessingUrl("/do_login")
+ .usernameParameter("j_username")
+ .passwordParameter("j_password")
 .and()
 .rememberMe()
 .tokenValiditySeconds(6 * 30 * 24 * 3600)
 .alwaysRemember(true)
 .useSecureCookie(true)
- .rememberMeCookieName(env.getProperty("auth_cookie_name", "hash"))
 .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com"))
 .and()
 .csrf().disable();
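Review bot: In the third hunk, replacing `.anyRequest().authenticated()` with `.anyRequest().permitAll()` turns the rule set from deny-by-default into allow-by-default, so only the patterns in `.antMatchers("/settings", "/pm/**")` still require a login. An Ant pattern such as `/settings` is matched literally by the filter chain, so a path variant that Spring MVC still routes to the same handler (a trailing slash, for instance) may now fall through to `permitAll()`. Any handler added later is also public unless it is listed here, and the chain still ends with `.csrf().disable()`. I would keep `.anyRequest().authenticated()` as the fallback and list the public paths with `permitAll()`. If public-by-default is intended, use `.mvcMatchers("/settings", "/pm/**").authenticated()` where the Spring Security version in use provides it, and add a comment such as `// allow-by-default: every route that needs a login must be listed above`. The signature of the method holding this chain is outside the hunk.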
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
new file mode 100644
index 00000000..0ea8c907
--- /dev/null
+++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
@@ -0,0 +1,20 @@
+package com.juick.www.configuration;
+
+/**
+ * Created by vitalyster on 25.11.2016.
+ */
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+
+import javax.servlet.ServletContext;
+
+public class WwwSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
+ private final Logger logger = LoggerFactory.getLogger(getClass());
+
+ @Override
+ protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
+ logger.info("SpringSecurityFilterChain initialized");
+ }
+}
-- cgit v1.2.3
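Review bot: `WwwSecurityInitializer` has no class-level Javadoc saying where the `springSecurityFilterChain` bean is expected to come from; the only comment is the "Created by" block placed between the package line and the imports. With the no-argument constructor this initializer only registers the filter proxy and does not load `WebSecurityConfig` itself, so the configuration presumably has to live in the root context (or `getDispatcherWebApplicationContextSuffix()` has to be overridden). That wiring is not visible in this patch and is worth confirming. I would add a Javadoc along the lines of `/** Registers springSecurityFilterChain for the www webapp; WebSecurityConfig must be loaded into the root context. */` on the class. The log text could also read `"springSecurityFilterChain registered"`, since `afterSpringSecurityFilterChain` runs once the filter has been added to the `ServletContext`, not once it has been initialized.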