Timestamp:
05/24/23 23:18:47 (13 months ago)
Author:
Gjoko Kostadinov <gjoko.kostadinov@…>
Branches:
master
Children:
77205be
Parents:
8bcd64c
Message:

Periodic update

File:
1 edited

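--- a/src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java
+++ b/src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java
@@ -10,10 +10,13 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.core.GrantedAuthorityDefaults;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
+import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
+
+import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.*;
 
 @Configuration
@@ -21,4 +24,7 @@
 @AllArgsConstructor
 public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    private static final ClearSiteDataHeaderWriter.Directive[] SOURCE =
+            {CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS};
 
     private final PostgresUserDetailsService userDetailsService;
@@ -55,10 +61,18 @@
                 .defaultSuccessUrl("/homepage")
                 .and()
+                .logout(logout -> logout
+                        .logoutUrl("/logout")
+                        .logoutSuccessUrl("/login")
+                        .addLogoutHandler(new SecurityContextLogoutHandler())
+                        .addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE))))
                 .authorizeRequests()
                 .antMatchers("/login").permitAll()
+                .antMatchers("/logout").permitAll()
                 .antMatchers("/register_customer").permitAll()
                 .antMatchers("/register_business").permitAll()
                 .antMatchers("/api/nomenclatures/*").permitAll()
+                .antMatchers("/api/user/me").permitAll()
                 .antMatchers("/api/business").permitAll()
+                .antMatchers("/api/appointment").permitAll()
                 .antMatchers("/homepage").permitAll()
                 .antMatchers("/css/**").permitAll()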
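Review bot: The added `.antMatchers("/api/appointment").permitAll()` and `.antMatchers("/api/user/me").permitAll()` rules open both API paths to unauthenticated callers, and because neither rule names an HTTP method, any write handler mapped on `/api/appointment` would be reachable without a session. If these endpoints return or change per-user data they should require a login, e.g. `.antMatchers("/api/appointment").authenticated()`, or only the method that must be public should be opened with `.antMatchers(HttpMethod.GET, "/api/appointment").permitAll()`. The controllers and the rest of the `authorizeRequests()` chain lie outside the hunk, so what the handlers themselves enforce has to be confirmed there. Separately, `ClearSiteDataHeaderWriter` writes its header only on secure requests, so the logout cleanup built from `SOURCE` does nothing over plain HTTP. A comment on that constant saying so, and a more descriptive name such as `CLEAR_SITE_DATA_DIRECTIVES`, would make this visible to the next reader.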