Compare commits
1 Commits
saml
...
pixeebot/s
| Author | SHA1 | Date | |
|---|---|---|---|
|
72636dda9f |
@@ -1,5 +1,6 @@
|
|||||||
package stirling.software.SPDF.config.security;
|
package stirling.software.SPDF.config.security;
|
||||||
|
|
||||||
|
import io.github.pixee.security.Newlines;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
@@ -163,11 +164,30 @@ public class SecurityConfiguration {
|
|||||||
http.sessionManagement(
|
http.sessionManagement(
|
||||||
sessionManagement ->
|
sessionManagement ->
|
||||||
sessionManagement
|
sessionManagement
|
||||||
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
|
|
||||||
.maximumSessions(10)
|
.maximumSessions(10)
|
||||||
.maxSessionsPreventsLogin(false)
|
.maxSessionsPreventsLogin(false)
|
||||||
.sessionRegistry(sessionRegistry)
|
.sessionRegistry(sessionRegistry)
|
||||||
.expiredUrl("/login?logout=true"));
|
|
||||||
|
.expiredUrl("/login?logout=true"))
|
||||||
|
.addFilterBefore(
|
||||||
|
new ForceEagerSessionCreationFilter(),
|
||||||
|
SecurityContextHolderFilter.class)
|
||||||
|
.addFilterBefore(new ForceEagerSessionCreationFilter(), SecurityContextHolderFilter.class);
|
||||||
|
|
||||||
|
http.addFilterBefore(new OncePerRequestFilter() {
|
||||||
|
@Override
|
||||||
|
protected void doFilterInternal(HttpServletRequest request,
|
||||||
|
HttpServletResponse response, FilterChain filterChain)
|
||||||
|
throws ServletException, IOException {
|
||||||
|
|
||||||
|
if (request.getRequestURI().startsWith("/saml2")) {
|
||||||
|
response.setHeader("Set-Cookie",
|
||||||
|
Newlines.stripAll(response.getHeader("Set-Cookie")
|
||||||
|
.concat(";SameSite=None;Secure")));
|
||||||
|
}
|
||||||
|
filterChain.doFilter(request, response);
|
||||||
|
}
|
||||||
|
}, SessionManagementFilter.class);
|
||||||
|
|
||||||
http.authenticationProvider(daoAuthenticationProvider());
|
http.authenticationProvider(daoAuthenticationProvider());
|
||||||
http.requestCache(requestCache -> requestCache.requestCache(new NullRequestCache()));
|
http.requestCache(requestCache -> requestCache.requestCache(new NullRequestCache()));
|
||||||
@@ -453,6 +473,19 @@ public class SecurityConfiguration {
|
|||||||
.build());
|
.build());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public CookieSerializer cookieSerializer() {
|
||||||
|
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
|
||||||
|
serializer.setSameSite("None");
|
||||||
|
serializer.setUseSecureCookie(true); // Required when using SameSite=None
|
||||||
|
return serializer;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public HttpSessionEventPublisher httpSessionEventPublisher() {
|
||||||
|
return new HttpSessionEventPublisher();
|
||||||
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(
|
@ConditionalOnProperty(
|
||||||
name = "security.saml2.enabled",
|
name = "security.saml2.enabled",
|
||||||
|
|||||||
Reference in New Issue
Block a user