From fbc6b3a70e8bf811a0c8903de7c305943551ddd7 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Fri, 29 Nov 2024 15:05:10 +0000 Subject: [PATCH] fix --- .../security/SecurityConfiguration.java | 36 ++----------------- 1 file changed, 2 insertions(+), 34 deletions(-) diff --git a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java index 124353d2..6c9db628 100644 --- a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java +++ b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java @@ -163,31 +163,12 @@ public class SecurityConfiguration { http.sessionManagement( sessionManagement -> sessionManagement + .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) .maximumSessions(10) .maxSessionsPreventsLogin(false) .sessionRegistry(sessionRegistry) + .expiredUrl("/login?logout=true")); - .expiredUrl("/login?logout=true")) - .addFilterBefore( - new ForceEagerSessionCreationFilter(), - SecurityContextHolderFilter.class) - .addFilterBefore(new ForceEagerSessionCreationFilter(), SecurityContextHolderFilter.class); - - http.addFilterBefore(new OncePerRequestFilter() { - @Override - protected void doFilterInternal(HttpServletRequest request, - HttpServletResponse response, FilterChain filterChain) - throws ServletException, IOException { - - if (request.getRequestURI().startsWith("/saml2")) { - response.setHeader("Set-Cookie", - response.getHeader("Set-Cookie") - .concat(";SameSite=None;Secure")); - } - filterChain.doFilter(request, response); - } - }, SessionManagementFilter.class); - http.authenticationProvider(daoAuthenticationProvider()); http.requestCache(requestCache -> requestCache.requestCache(new NullRequestCache())); http.logout( 
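Review bot: The session limit kept in this hunk (`.maximumSessions(10)` together with `.sessionRegistry(sessionRegistry)`) depends on session-destroyed events reaching the registry, and the second hunk of this commit deletes the `HttpSessionEventPublisher` bean that publishes them. Unless another publisher is registered outside this diff, timed-out sessions would presumably stay in the registry and keep counting toward the limit and toward any active-session listing. Either keep the bean, `@Bean public HttpSessionEventPublisher httpSessionEventPublisher() { return new HttpSessionEventPublisher(); }`, or note in the commit where it is now registered. The added `.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)` is, as far as I know, Spring Security's default, so a short comment such as `// explicit default; replaces the removed ForceEagerSessionCreationFilter` would record why it is spelled out. The enclosing method starts and ends outside the hunk.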
@@ -471,19 +452,6 @@ public class SecurityConfiguration {
 .clientName("OIDC")
 .build());
 }
-
- @Bean
- public CookieSerializer cookieSerializer() {
- DefaultCookieSerializer serializer = new DefaultCookieSerializer();
- serializer.setSameSite("None");
- serializer.setUseSecureCookie(true); // Required when using SameSite=None
- return serializer;
- }
-
- @Bean
- public HttpSessionEventPublisher httpSessionEventPublisher() {
- return new HttpSessionEventPublisher();
- }
 
 @Bean
 @ConditionalOnProperty(