From 9621360647b90d3c41571b22f7483593aae085c9 Mon Sep 17 00:00:00 2001
From: Anton Micke
Date: Tue, 24 Jun 2025 15:37:17 +0200
Subject: [PATCH] Add remember me function
---
 .../kickerelo/config/SecurityConfiguration.java | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/kickerelo/kickerelo/config/SecurityConfiguration.java b/src/main/java/org/kickerelo/kickerelo/config/SecurityConfiguration.java
index 695cb88..88f109b 100644
--- a/src/main/java/org/kickerelo/kickerelo/config/SecurityConfiguration.java
+++ b/src/main/java/org/kickerelo/kickerelo/config/SecurityConfiguration.java
@@ -1,5 +1,7 @@
 package org.kickerelo.kickerelo.config;
+import java.security.SecureRandom;
+import java.util.Base64;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -10,14 +12,25 @@ import com.vaadin.flow.spring.security.VaadinWebSecurity;
 @Configuration
 class SecurityConfiguration extends VaadinWebSecurity {
+ private static String rememberMeSecret = null;
+
 @Override
 protected void configure(HttpSecurity http) throws Exception {
+ if (rememberMeSecret == null) rememberMeSecret = generateSecret();
+
 http.authorizeHttpRequests(auth -> auth
 .requestMatchers("/app/admin/**", "/app/admin", "/app/app/admin/**", "/app/app/admin").hasAuthority("Kicker Admin")
- .anyRequest().permitAll()
- )
+ .anyRequest().permitAll())
+ .rememberMe(rememberMe -> rememberMe.key(rememberMeSecret))
 .oauth2Login(org.springframework.security.config.Customizer.withDefaults())
 .logout(logout -> logout.logoutSuccessUrl("/"))
 .csrf(csrf -> csrf.disable());
 }
+
+ private String generateSecret() {
+ SecureRandom random = new SecureRandom();
+ byte[] bytes = new byte[24];
+ random.nextBytes(bytes);
+ return Base64.getEncoder().encodeToString(bytes);
+ }
 }
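Review bot: The remember-me key in `configure` is generated afresh in each JVM (`if (rememberMeSecret == null) rememberMeSecret = generateSecret();`), so every restart invalidates all issued remember-me cookies and, with more than one instance, a cookie signed by one node is rejected by the others. If that is meant as a rotate-on-restart policy it deserves a comment on the field; otherwise the key should come from externally managed configuration rather than a mutable static that is set lazily. The new `.rememberMe(rememberMe -> rememberMe.key(rememberMeSecret))` also leaves the cookie at its defaults, and since the chain still ends in `.csrf(csrf -> csrf.disable())` a long-lived login cookie widens that exposure; consider bounding it explicitly, e.g. `rememberMe.key(rememberMeSecret).useSecureCookie(true).tokenValiditySeconds(<max-age-seconds placeholder>)`. It is also worth confirming that remember-me is actually wired to the OAuth2 login, because the default token-based service looks users up through a `UserDetailsService`, and none is visible in this hunk.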