Updates

ranjani2412 · ranjani2412 · commit df54ae491f6d · 2023-01-12T17:31:58.000+11:00
diff --git a/spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/config/SecurityConfiguration.java b/spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/config/SecurityConfiguration.java
@@ -5,6 +5,7 @@
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
@@ -26,8 +27,10 @@ public class SecurityConfiguration {
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        // Requests
         http.authorizeRequests(request -> request.antMatchers(ENDPOINTS_WHITELIST).permitAll()
                         .anyRequest().authenticated())
+                // CSRF
                 .csrf().disable()
                 //.formLogin(Customizer.withDefaults())
                 .formLogin(form -> form
@@ -42,7 +45,15 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         .logoutUrl("/logout")
                         .invalidateHttpSession(true)
                         .deleteCookies("JSESSIONID")
-                        .logoutSuccessUrl(LOGIN_URL + "?logout"));
+                        .logoutSuccessUrl(LOGIN_URL + "?logout"))
+                //.sessionManagement(Customizer.withDefaults())
+                .sessionManagement(session -> session
+                        .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
+                        .invalidSessionUrl("/invalidSession")
+                        .maximumSessions(1)
+                        .maxSessionsPreventsLogin(true));
+
+
         return http.build();
     }
 }
diff --git a/spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/web/HomeController.java b/spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/web/HomeController.java
@@ -12,4 +12,9 @@ public class HomeController {
     public String homePage(HttpServletResponse response) {
         return "homePage";
     }
+
+    @GetMapping("/invalidSession")
+    public String invalidSession(HttpServletResponse response) {
+        return "invalidSession";
+    }
 }
diff --git a/spring-security/getting-started/SecureApplication/src/main/resources/templates/invalidSession.html b/spring-security/getting-started/SecureApplication/src/main/resources/templates/invalidSession.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en"  xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <title>Title</title>
+</head>
+<body>
+<h2>Invalid Session</h2>
+</body>
+</html>

Original file line number	Diff line number	Diff line change
`@@ -12,4 +12,9 @@ public class HomeController {`
`12`	`12`	`public String homePage(HttpServletResponse response) {`
`13`	`13`	`return "homePage";`
`14`	`14`	`}`
	`15`	`+`
	`16`	`+ @GetMapping("/invalidSession")`
	`17`	`+ public String invalidSession(HttpServletResponse response) {`
	`18`	`+ return "invalidSession";`
	`19`	`+ }`
`15`	`20`	`}`