From cd3a7f25ae028597e586070d47547ebdbf674f6a Mon Sep 17 00:00:00 2001
From: Piotr Gawron <piotr.gawron@uni.lu>
Date: Wed, 22 May 2019 19:58:07 +0200
Subject: [PATCH] obsolete spring security constrocutor replaced

---
 .../web/config/SpringSecurityConfig.java      | 38 +++++++++++--------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/web/src/main/java/lcsb/mapviewer/web/config/SpringSecurityConfig.java b/web/src/main/java/lcsb/mapviewer/web/config/SpringSecurityConfig.java
index 0f6dc01240..be930e903c 100644
--- a/web/src/main/java/lcsb/mapviewer/web/config/SpringSecurityConfig.java
+++ b/web/src/main/java/lcsb/mapviewer/web/config/SpringSecurityConfig.java
@@ -1,9 +1,7 @@
 package lcsb.mapviewer.web.config;
 
-import lcsb.mapviewer.api.SpringRestApiConfig;
-import lcsb.mapviewer.web.security.MvAuthenticationFailureHandler;
-import lcsb.mapviewer.web.security.MvAuthenticationSuccessHandler;
-import lcsb.mapviewer.web.security.MvUsernamePasswordAuthenticationFilter;
+import java.util.Arrays;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -18,15 +16,23 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.core.session.SessionRegistry;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.security.web.authentication.session.*;
+import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.session.ConcurrentSessionFilter;
 import org.springframework.security.web.session.SessionManagementFilter;
+import org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy;
 
-import java.util.Arrays;
+import lcsb.mapviewer.api.SpringRestApiConfig;
+import lcsb.mapviewer.web.security.MvAuthenticationFailureHandler;
+import lcsb.mapviewer.web.security.MvAuthenticationSuccessHandler;
+import lcsb.mapviewer.web.security.MvUsernamePasswordAuthenticationFilter;
 
 @Configuration
-@Import({SpringRestApiConfig.class})
+@Import({ SpringRestApiConfig.class })
 @EnableWebSecurity
 public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -36,15 +42,15 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
 
   @Autowired
   public SpringSecurityConfig(SessionRegistry sessionRegistry,
-                              AuthenticationProvider authenticationProvider) {
+      AuthenticationProvider authenticationProvider) {
     this.sessionRegistry = sessionRegistry;
     this.authenticationProvider = authenticationProvider;
   }
 
   @Bean
   public SessionAuthenticationStrategy sessionAuthenticationStrategy() {
-    ConcurrentSessionControlAuthenticationStrategy strategy1 =
-        new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
+    ConcurrentSessionControlAuthenticationStrategy strategy1 = new ConcurrentSessionControlAuthenticationStrategy(
+        sessionRegistry);
     strategy1.setMaximumSessions(-1);
     strategy1.setExceptionIfMaximumExceeded(true);
 
@@ -53,10 +59,9 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
     RegisterSessionAuthenticationStrategy strategy3 = new RegisterSessionAuthenticationStrategy(sessionRegistry);
 
     return new CompositeSessionAuthenticationStrategy(Arrays.asList(
-      strategy1,
-      strategy2,
-      strategy3
-    ));
+        strategy1,
+        strategy2,
+        strategy3));
   }
 
   @Override
@@ -96,7 +101,8 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
 
   @Bean
   public ConcurrentSessionFilter concurrentSessionFilter() {
-    return new ConcurrentSessionFilter(sessionRegistry, "/index.xhtml");
+    return new ConcurrentSessionFilter(sessionRegistry,
+        new SimpleRedirectSessionInformationExpiredStrategy("/index.xhtml"));
   }
 
   @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@@ -148,7 +154,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
         .antMatchers("/api**").permitAll()
         .antMatchers("/api/**").permitAll()
         .antMatchers("/fonts/**").permitAll()
-    		.antMatchers("/plugins/**").permitAll()
+        .antMatchers("/plugins/**").permitAll()
         .antMatchers("/**").authenticated()
 
         .and()
-- 
GitLab