fix

2024-11-29 15:05:10 +00:00
1 changed files with 2 additions and 35 deletions
--- a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
+++ b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
@@ -1,6 +1,5 @@
 package stirling.software.SPDF.config.security;

-import io.github.pixee.security.Newlines;
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.*;
@@ -164,31 +163,12 @@ public class SecurityConfiguration {
            http.sessionManagement(
                    sessionManagement ->
                            sessionManagement
+                            .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                                    .maximumSessions(10)
                                    .maxSessionsPreventsLogin(false)
                                    .sessionRegistry(sessionRegistry)
+                                    .expiredUrl("/login?logout=true"));

-                                    .expiredUrl("/login?logout=true"))
-            .addFilterBefore(
-                    new ForceEagerSessionCreationFilter(), 
-                    SecurityContextHolderFilter.class)
-            .addFilterBefore(new ForceEagerSessionCreationFilter(), SecurityContextHolderFilter.class);
-            
-            http.addFilterBefore(new OncePerRequestFilter() {
-                @Override
-                protected void doFilterInternal(HttpServletRequest request, 
-                        HttpServletResponse response, FilterChain filterChain) 
-                        throws ServletException, IOException {
-                    
-                    if (request.getRequestURI().startsWith("/saml2")) {
-                        response.setHeader("Set-Cookie", 
-                            Newlines.stripAll(response.getHeader("Set-Cookie")
-                                .concat(";SameSite=None;Secure")));
-                    }
-                    filterChain.doFilter(request, response);
-                }
-            }, SessionManagementFilter.class);
-            
            http.authenticationProvider(daoAuthenticationProvider());
            http.requestCache(requestCache -> requestCache.requestCache(new NullRequestCache()));
            http.logout(
@@ -472,19 +452,6 @@ public class SecurityConfiguration {
                        .clientName("OIDC")
                        .build());
    }
-
-    @Bean
-    public CookieSerializer cookieSerializer() {
-        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
-        serializer.setSameSite("None");
-        serializer.setUseSecureCookie(true); // Required when using SameSite=None
-        return serializer;
-    }
-
-    @Bean
-    public HttpSessionEventPublisher httpSessionEventPublisher() {
-        return new HttpSessionEventPublisher();
-    }
    
    @Bean
    @ConditionalOnProperty(