javier/Stirling-PDF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

redact stuff, login page, lang and remember me

Browse Source
This commit is contained in:
Anthony Stirling
2023-08-25 23:39:18 +01:00
parent cd0e1a3962
commit 41bd801e0d
12 changed files with 324 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
View File

@@ -15,7 +15,11 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import stirling.software.SPDF.repository.JPATokenRepositoryImpl;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
@Configuration
public class SecurityConfiguration {
@@ -43,7 +47,7 @@ public class SecurityConfiguration {
if(loginEnabledValue) {
http.csrf().disable();
http.csrf(csrf -> csrf.disable());
http
.formLogin(formLogin -> formLogin
.loginPage("/login")
@@ -55,8 +59,12 @@ public class SecurityConfiguration {
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout=true")
.invalidateHttpSession(true) // Invalidate session
.deleteCookies("JSESSIONID")
)
.deleteCookies("JSESSIONID", "remember-me")
).rememberMe(rememberMeConfigurer -> rememberMeConfigurer // Use the configurator directly
.key("uniqueAndSecret")
.tokenRepository(persistentTokenRepository())
.tokenValiditySeconds(1209600) // 2 weeks
)
.authorizeHttpRequests(authz -> authz
.requestMatchers(req -> req.getRequestURI().startsWith("/login") || req.getRequestURI().endsWith(".svg") || req.getRequestURI().startsWith("/register") || req.getRequestURI().startsWith("/error") || req.getRequestURI().startsWith("/images/") || req.getRequestURI().startsWith("/public/") || req.getRequestURI().startsWith("/css/") || req.getRequestURI().startsWith("/js/"))
.permitAll()
@@ -65,8 +73,7 @@ public class SecurityConfiguration {
.userDetailsService(userDetailsService)
.authenticationProvider(authenticationProvider());
} else {
http
.csrf().disable()
http.csrf(csrf -> csrf.disable())
.authorizeHttpRequests(authz -> authz
.anyRequest().permitAll()
);
@@ -84,7 +91,12 @@ public class SecurityConfiguration {
return authProvider;
}
@Bean
public PersistentTokenRepository persistentTokenRepository() {
return new JPATokenRepositoryImpl();
}
}