From a7f9acc91fa51489e8b1ac02e90b29ef497b08c1 Mon Sep 17 00:00:00 2001 From: Alexander Alexeev Date: Sun, 11 Dec 2016 01:50:52 +0700 Subject: security anonimous and remember-me settings; set up auth_remember_me_key= in local juick.conf file --- .../main/java/com/juick/www/configuration/WebSecurityConfig.java | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'juick-spring-www') diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java index 759eba5a..551c0185 100644 --- a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java +++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java @@ -1,5 +1,6 @@ package com.juick.www.configuration; +import com.juick.entity.AnonymUser; import com.juick.service.UserService; import com.juick.service.security.JuickUserDetailsService; import org.springframework.context.annotation.Bean; @@ -37,9 +38,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { .antMatchers("/settings", "/pm/**").authenticated() .anyRequest().permitAll() .and() - .anonymous().authorities("ROLE_ANONYM") + .anonymous().principal(AnonymUser.INSTANCE) .and() - .sessionManagement().invalidSessionUrl("/").sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) + .sessionManagement().invalidSessionUrl("/") .and() .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/") .and() @@ -55,8 +56,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { .rememberMe() .tokenValiditySeconds(6 * 30 * 24 * 3600) .alwaysRemember(true) - .useSecureCookie(true) + //.useSecureCookie(true) // TODO Enable if https is supports .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com")) + .userDetailsService(userDetailsServiceBean()) + .key(env.getProperty("auth_remember_me_key")) .and() .csrf().disable(); } -- cgit v1.2.3