This commit is contained in:
Anthony Stirling 2024-11-29 15:05:10 +00:00
parent 329f755823
commit fbc6b3a70e

View File

@ -163,30 +163,11 @@ public class SecurityConfiguration {
http.sessionManagement(
sessionManagement ->
sessionManagement
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.maximumSessions(10)
.maxSessionsPreventsLogin(false)
.sessionRegistry(sessionRegistry)
.expiredUrl("/login?logout=true"))
.addFilterBefore(
new ForceEagerSessionCreationFilter(),
SecurityContextHolderFilter.class)
.addFilterBefore(new ForceEagerSessionCreationFilter(), SecurityContextHolderFilter.class);
http.addFilterBefore(new OncePerRequestFilter() {
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
if (request.getRequestURI().startsWith("/saml2")) {
response.setHeader("Set-Cookie",
response.getHeader("Set-Cookie")
.concat(";SameSite=None;Secure"));
}
filterChain.doFilter(request, response);
}
}, SessionManagementFilter.class);
.expiredUrl("/login?logout=true"));
http.authenticationProvider(daoAuthenticationProvider());
http.requestCache(requestCache -> requestCache.requestCache(new NullRequestCache()));
@ -472,19 +453,6 @@ public class SecurityConfiguration {
.build());
}
@Bean
public CookieSerializer cookieSerializer() {
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setSameSite("None");
serializer.setUseSecureCookie(true); // Required when using SameSite=None
return serializer;
}
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
@Bean
@ConditionalOnProperty(
name = "security.saml2.enabled",