Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
@Slf4j
@Configuration
@EnableWebSecurity
@EnableJdbcHttpSession
@EnableGlobalMethodSecurity(prePostEnabled = true)
class SecurityConfig extends WebSecurityConfigurerAdapter {
private static final String SESSION_STORAGE_NAME = "X-COMPANY-NAME-TOKEN";
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/").permitAll()
.and()
.sessionManagement()
.maximumSessions(1)
.maxSessionsPreventsLogin(false).and()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.formLogin()
.loginPage("/")
.loginProcessingUrl("/auth")
.usernameParameter("login")
.passwordParameter("password")
.successHandler((request, response, authentication) -> {
//for MSIE 8 support
if (authentication.isAuthenticated()) {
log.info("Successful authentication");
response.setStatus(200);
} else {
response.setStatus(401);
}
})
.failureHandler((request, response, authentication) -> {
log.info("Failed authentication");
response.setStatus(401);
})
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/index.html")
.invalidateHttpSession(true)
.clearAuthentication(true)
.and()
.httpBasic()
.and()
.csrf().disable()
.headers()
.contentTypeOptions().disable()
.xssProtection().disable()
.cacheControl()
.and().frameOptions().disable()
.and()
.cors()
.configurationSource(corsConfigurationSource())
.and()
.requestCache()
;
}
@Bean
public HttpSessionIdResolver httpSessionIdResolver() {
return new HeaderHttpSessionIdResolver(SESSION_STORAGE_NAME);
}
...
}
@SteelAlex
Copy link
Author

SteelAlex commented Oct 15, 2019

fragment of build.gradle

...
plugins {
    id 'org.springframework.boot' version "2.1.6.RELEASE"
}
...
dependencies {
...
implementation('org.springframework.boot:spring-boot-starter-security') # effective version is 2.1.6.RELEASE
implementation('org.springframework.session:spring-session-jdbc') # effective version is 2.1.7.RELEASE
...
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment