obsolete spring security constrocutor replaced

cd3a7f25 · Piotr Gawron · a987cda7 · cd3a7f25
Commit cd3a7f25 authored 5 years ago by Piotr Gawron
--- a/web/src/main/java/lcsb/mapviewer/web/config/SpringSecurityConfig.java
+++ b/web/src/main/java/lcsb/mapviewer/web/config/SpringSecurityConfig.java
 package lcsb.mapviewer.web.config;

-import lcsb.mapviewer.api.SpringRestApiConfig;
-import lcsb.mapviewer.web.security.MvAuthenticationFailureHandler;
-import lcsb.mapviewer.web.security.MvAuthenticationSuccessHandler;
-import lcsb.mapviewer.web.security.MvUsernamePasswordAuthenticationFilter;
+import java.util.Arrays;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -18,15 +16,23 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.core.session.SessionRegistry;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.security.web.authentication.session.*;
+import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.session.ConcurrentSessionFilter;
 import org.springframework.security.web.session.SessionManagementFilter;
+import org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy;

-import java.util.Arrays;
+import lcsb.mapviewer.api.SpringRestApiConfig;
+import lcsb.mapviewer.web.security.MvAuthenticationFailureHandler;
+import lcsb.mapviewer.web.security.MvAuthenticationSuccessHandler;
+import lcsb.mapviewer.web.security.MvUsernamePasswordAuthenticationFilter;

 @Configuration
-@Import({SpringRestApiConfig.class})
+@Import({ SpringRestApiConfig.class })
 @EnableWebSecurity
 public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

@@ -36,15 +42,15 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  public SpringSecurityConfig(SessionRegistry sessionRegistry,
-                              AuthenticationProvider authenticationProvider) {
+      AuthenticationProvider authenticationProvider) {
    this.sessionRegistry = sessionRegistry;
    this.authenticationProvider = authenticationProvider;
  }

  @Bean
  public SessionAuthenticationStrategy sessionAuthenticationStrategy() {
-    ConcurrentSessionControlAuthenticationStrategy strategy1 =
-        new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
+    ConcurrentSessionControlAuthenticationStrategy strategy1 = new ConcurrentSessionControlAuthenticationStrategy(
+        sessionRegistry);
    strategy1.setMaximumSessions(-1);
    strategy1.setExceptionIfMaximumExceeded(true);

@@ -53,10 +59,9 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    RegisterSessionAuthenticationStrategy strategy3 = new RegisterSessionAuthenticationStrategy(sessionRegistry);

    return new CompositeSessionAuthenticationStrategy(Arrays.asList(
-      strategy1,
-      strategy2,
-      strategy3
-    ));
+        strategy1,
+        strategy2,
+        strategy3));
  }

  @Override
@@ -96,7 +101,8 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

  @Bean
  public ConcurrentSessionFilter concurrentSessionFilter() {
-    return new ConcurrentSessionFilter(sessionRegistry, "/index.xhtml");
+    return new ConcurrentSessionFilter(sessionRegistry,
+        new SimpleRedirectSessionInformationExpiredStrategy("/index.xhtml"));
  }

  @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@@ -148,7 +154,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
        .antMatchers("/api**").permitAll()
        .antMatchers("/api/**").permitAll()
        .antMatchers("/fonts/**").permitAll()
-    		.antMatchers("/plugins/**").permitAll()
+        .antMatchers("/plugins/**").permitAll()
        .antMatchers("/**").authenticated()

        .and()