Mirrors/Stirling-PDF
Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2024-12-21 19:08:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Anthony Stirling 2024-11-29 15:05:10 +00:00
parent 329f755823
commit fbc6b3a70e
1 changed files with 2 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
View File

@ -163,30 +163,11 @@ public class SecurityConfiguration {
http.sessionManagement( http.sessionManagement(
sessionManagement -> sessionManagement ->
sessionManagement sessionManagement
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.maximumSessions(10) .maximumSessions(10)
.maxSessionsPreventsLogin(false) .maxSessionsPreventsLogin(false)
.sessionRegistry(sessionRegistry) .sessionRegistry(sessionRegistry)
.expiredUrl("/login?logout=true"));
.expiredUrl("/login?logout=true"))
.addFilterBefore(
new ForceEagerSessionCreationFilter(),
SecurityContextHolderFilter.class)
.addFilterBefore(new ForceEagerSessionCreationFilter(), SecurityContextHolderFilter.class);
http.addFilterBefore(new OncePerRequestFilter() {
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
if (request.getRequestURI().startsWith("/saml2")) {
response.setHeader("Set-Cookie",
response.getHeader("Set-Cookie")
.concat(";SameSite=None;Secure"));
}
filterChain.doFilter(request, response);
}
}, SessionManagementFilter.class);
http.authenticationProvider(daoAuthenticationProvider()); http.authenticationProvider(daoAuthenticationProvider());
http.requestCache(requestCache -> requestCache.requestCache(new NullRequestCache())); http.requestCache(requestCache -> requestCache.requestCache(new NullRequestCache()));
@ -472,19 +453,6 @@ public class SecurityConfiguration {
.build()); .build());
} }
@Bean
public CookieSerializer cookieSerializer() {
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setSameSite("None");
serializer.setUseSecureCookie(true); // Required when using SameSite=None
return serializer;
}
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
@Bean @Bean
@ConditionalOnProperty( @ConditionalOnProperty(
name = "security.saml2.enabled", name = "security.saml2.enabled",