Clelia Meneghin · d775550c
--- a/src/main/java/com/explosivepomegranate/rest/api/config/SecurityConfig.java

+ 9

− 2
+++ b/src/main/java/com/explosivepomegranate/rest/api/config/SecurityConfig.java

+ 9

− 2
 package com.explosivepomegranate.rest.api.config;

-import com.explosivepomegranate.rest.api.security.CSRFRequestMatcher;
 import com.explosivepomegranate.rest.api.service.UserDetailsServiceImpl;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 @@ -14,6 +13,7 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

 @Configuration
 @EnableWebSecurity
 @@ -21,7 +21,7 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationEn
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
-    private UserDetailsServiceImpl userDetailService; //
+    private UserDetailsServiceImpl userDetailService;

    /**
     * Encypt password with BCryptPasswordEncoder with 12 rounds
 @@ -34,6 +34,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
    }

    /**
+     * Define that you use the password encoder on authentication
     * @author Clelia
     * */
    @Override
 @@ -60,6 +61,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                    .loginPage("/")
                    .defaultSuccessUrl("/home")
                    .permitAll()
+                .and()
+                    .rememberMe().key("uniqueAndSecret") // cookie, stay logged in
+                .and()
+                    .logout().deleteCookies("JSESSIONID")// on logout, delete cookie
+                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
+                    .logoutSuccessUrl("/")
                .and().httpBasic().realmName("REALM_EXPLOSIVE").authenticationEntryPoint(entryPoint());
    }