|
|
@@ -58,36 +58,7 @@ public class SecurityConfig {
|
|
|
//.anyRequest().fullyAuthenticated()
|
|
|
.anyRequest().permitAll()
|
|
|
)
|
|
|
- .formLogin((form) -> form
|
|
|
- .loginPage("/login")
|
|
|
- .defaultSuccessUrl("/procedures?_new=1",true)
|
|
|
- .failureUrl("/login?error=noauth")
|
|
|
- .successHandler(new AuthSuccessHandler())
|
|
|
- .permitAll()
|
|
|
- )
|
|
|
- .logout((logout) -> logout
|
|
|
- .logoutSuccessUrl("/login")
|
|
|
- .invalidateHttpSession(true)
|
|
|
- .clearAuthentication(true)
|
|
|
- .deleteCookies("JSESSIONID")
|
|
|
- .deleteCookies("SESSION")
|
|
|
- )
|
|
|
- .csrf((csrf) -> csrf.disable());
|
|
|
-
|
|
|
- http.sessionManagement((session) -> session
|
|
|
- .sessionAuthenticationErrorUrl("/login?error=expired")
|
|
|
- .invalidSessionUrl("/login?error=expired")
|
|
|
- .maximumSessions(1)
|
|
|
- .expiredUrl("/login?error=expired")
|
|
|
- .maxSessionsPreventsLogin(false)
|
|
|
- .sessionRegistry(sessionRegistry())
|
|
|
- )
|
|
|
- .sessionManagement((session) -> session
|
|
|
- .sessionAuthenticationStrategy(concurrentSession())
|
|
|
- .sessionFixation()
|
|
|
- .newSession()
|
|
|
- .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
|
|
|
- );
|
|
|
+ .csrf((csrf) -> csrf.disable());
|
|
|
|
|
|
http.headers((headers) -> headers
|
|
|
.frameOptions((options) -> options.sameOrigin())
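Review bot: The added `.csrf((csrf) -> csrf.disable())` now closes a chain whose only visible authorization rule is `.anyRequest().permitAll()`, and this hunk removes the form login, logout and session-management configuration without showing a replacement, so as far as these lines show every request is served unauthenticated and without CSRF protection. If authentication has moved to another filter chain or an upstream component, say so in a comment at this line, e.g. `// CSRF off and permitAll: authentication is enforced by <component>, see <reference>`; if not, the commented-out `.anyRequest().fullyAuthenticated()` rule should come back and CSRF should stay enabled for cookie-backed sessions. The removed block also carried the one-session-per-user limit (`maximumSessions(1)`) and the explicit `sessionFixation().newSession()` setting, so it is worth confirming that falling back to the framework defaults is intended. The enclosing method starts and ends outside the hunk, so the rest of the chain is not visible here.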
|