search

devondragon / SpringUserFramework

Easy User Management Framework/Starter App for Spring. Providing registration, login, logout, and more built on top of Spring Security.
Apache License 2.0
88 stars 28 forks source link

Redundant configmethod in WebSecurityConfig #5

Closed JohnnyMoonlight closed 3 years ago

JohnnyMoonlight commented 3 years ago

Hey,

in src/main/java/com/digitalsanctuary/spring/user/util/WebSecurityConfig.java , there might be a redundant configuration.

Line 145 ff says:

else if (DEFAULT_ACTION_ALLOW.equals(getDefaultAction())) {
            http.authorizeRequests().antMatchers(protectedURIsArray).authenticated().antMatchers("/**").permitAll()
                    .and().formLogin().loginPage(loginPageURI).loginProcessingUrl(loginActionURI)
                    .successHandler(loginSuccessService).successHandler(loginSuccessService).and().logout()
                    .logoutUrl(logoutActionURI).invalidateHttpSession(true).logoutSuccessHandler(logoutSuccessService)
                    .deleteCookies("JSESSIONID").permitAll();

successHandler() is called twice. I don't know, if on purpose or not.

Cheers!

create-issue-branch[bot] commented 3 years ago

Branch issue-5-Redundant_configmethod_in_WebSecurityConfig created!

devondragon commented 3 years ago

Good catch! I will double check and then fix! Thank you @JohnnyMoonlight !!