From 0b204938e8f2d78d1f0c08b4d32a5a97cbfdde74 Mon Sep 17 00:00:00 2001
From: Salvatore Trupia
Date: Mon, 20 Dec 2021 17:37:43 +0100
Subject: [PATCH] changes in Security config for JSESSIONID(repeated login problem) and antMatchers(/myNewUser) -> functioning registration
---
 .../explosivepomegranate/rest/api/config/SecurityConfig.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/explosivepomegranate/rest/api/config/SecurityConfig.java b/src/main/java/com/explosivepomegranate/rest/api/config/SecurityConfig.java
index 7bbf810..bd40dd2 100644
--- a/src/main/java/com/explosivepomegranate/rest/api/config/SecurityConfig.java
+++ b/src/main/java/com/explosivepomegranate/rest/api/config/SecurityConfig.java
@@ -46,14 +46,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 http.
- sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER).and()
+ sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
 .requiresChannel().requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null).requiresSecure()
 .and() // If the X-Forwarded-Proto header is present, redirect to HTTPS (Heroku)
 .csrf().disable()
 //.requireCsrfProtectionMatcher(new CSRFRequestMatcher())
 // .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
 .authorizeRequests()
- .antMatchers("/assets/**", "/", "/register").permitAll()
+ .antMatchers("/assets/**", "/", "/register", "/myNewUser").permitAll()
 .anyRequest().authenticated()
 .and()
 .formLogin()
-- 
GitLab
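Review bot: `SessionCreationPolicy.ALWAYS` makes Spring Security create a session eagerly for every request that passes through this chain, which as far as the hunk shows includes anonymous hits on `/assets/**`, `/` and the new `/myNewUser`; that is more than the repeated-login fix needs, and `sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and()` (the framework default) would create the session only when form login requires one. The change also makes the app depend on the JSESSIONID cookie while `.csrf().disable()` stays on the context line below, so authenticated state-changing requests are accepted without a CSRF token; re-enabling CSRF, for example via the commented-out `CookieCsrfTokenRepository` line, would close that gap. `/myNewUser` is now permitted for every HTTP method, so if registration is only ever a POST, `.antMatchers(HttpMethod.POST, "/myNewUser").permitAll()` narrows the unauthenticated surface (it needs `org.springframework.http.HttpMethod` in scope, and the file's imports are not visible here). The `configure` method continues past the end of the hunk, so the rest of the chain was not reviewed.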