fix

2024-12-21 19:08:24 +01:00 · 2024-11-29 15:05:10 +00:00 · 2024-11-29 15:05:10 +00:00 · fbc6b3a70e
commit fbc6b3a70e
parent 329f755823
1 changed files with 2 additions and 34 deletions
--- a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
+++ b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
@ -163,31 +163,12 @@ public class SecurityConfiguration {
            http.sessionManagement(
                    sessionManagement ->
                            sessionManagement
+                            .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                                    .maximumSessions(10)
                                    .maxSessionsPreventsLogin(false)
                                    .sessionRegistry(sessionRegistry)
+                                    .expiredUrl("/login?logout=true"));

-                                    .expiredUrl("/login?logout=true"))
-            .addFilterBefore(
-                    new ForceEagerSessionCreationFilter(), 
-                    SecurityContextHolderFilter.class)
-            .addFilterBefore(new ForceEagerSessionCreationFilter(), SecurityContextHolderFilter.class);
-            
-            http.addFilterBefore(new OncePerRequestFilter() {
-                @Override
-                protected void doFilterInternal(HttpServletRequest request, 
-                        HttpServletResponse response, FilterChain filterChain) 
-                        throws ServletException, IOException {
-                    
-                    if (request.getRequestURI().startsWith("/saml2")) {
-                        response.setHeader("Set-Cookie", 
-                            response.getHeader("Set-Cookie")
-                                .concat(";SameSite=None;Secure"));
-                    }
-                    filterChain.doFilter(request, response);
-                }
-            }, SessionManagementFilter.class);
-            
            http.authenticationProvider(daoAuthenticationProvider());
            http.requestCache(requestCache -> requestCache.requestCache(new NullRequestCache()));
            http.logout(
@ -471,19 +452,6 @@ public class SecurityConfiguration {
                        .clientName("OIDC")
                        .build());
    }
-
-    @Bean
-    public CookieSerializer cookieSerializer() {
-        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
-        serializer.setSameSite("None");
-        serializer.setUseSecureCookie(true); // Required when using SameSite=None
-        return serializer;
-    }
-
-    @Bean
-    public HttpSessionEventPublisher httpSessionEventPublisher() {
-        return new HttpSessionEventPublisher();
-    }
    
    @Bean
    @ConditionalOnProperty(