Estonian-ID-card-mobile-aut.../demoBackend/src/main/kotlin/com/tarkvaratehnika/demobackend/config/SecurityConfiguration.kt

package com.tarkvaratehnika.demobackend.config

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.http.SessionCreationPolicy

@EnableWebSecurity
class SecurityConfiguration : WebSecurityConfigurerAdapter() {

    override fun configure(auth: AuthenticationManagerBuilder?) {
        auth?.inMemoryAuthentication()?.withUser("justSomeUser")?.password("someBackdoorPasswordThisDoesntMatterItsADemo")
            ?.roles("USER")
    }

    override fun configure(http: HttpSecurity) {
        http.authorizeRequests()
            ?.antMatchers("/welcome")?.hasRole("USER")
            ?.and()
            ?.sessionManagement()?.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
            ?.and()?.csrf()?.disable()
    }
}
MOB-55 Fixed some issues with session management. 2021-12-12 20:06:08 +02:00			`package com.tarkvaratehnika.demobackend.config`
MOB-55 Added session cookies reading 2021-12-06 23:01:10 +02:00
			`import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder`
			`import org.springframework.security.config.annotation.web.builders.HttpSecurity`
			`import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity`
			`import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter`
			`import org.springframework.security.config.http.SessionCreationPolicy`

			`@EnableWebSecurity`
			`class SecurityConfiguration : WebSecurityConfigurerAdapter() {`

			`override fun configure(auth: AuthenticationManagerBuilder?) {`
			`auth?.inMemoryAuthentication()?.withUser("justSomeUser")?.password("someBackdoorPasswordThisDoesntMatterItsADemo")`
			`?.roles("USER")`
			`}`

MOB-55 Disabled CSRF 2021-12-06 23:39:13 +02:00			`override fun configure(http: HttpSecurity) {`
MOB-55 Fixed some issues with session management. 2021-12-12 20:06:08 +02:00			`http.authorizeRequests()`
			`?.antMatchers("/welcome")?.hasRole("USER")`
			`?.and()`
			`?.sessionManagement()?.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)`
			`?.and()?.csrf()?.disable()`
MOB-55 Added session cookies reading 2021-12-06 23:01:10 +02:00			`}`
			`}`