Merge pull request #436 from chrisshayan/Release48

Release48
chrisshayan · Oct 21, 2015 · eb400ce · eb400ce
2 parents 980bea0 + b494b37
commit eb400ce
Show file tree

Hide file tree

Showing 103 changed files with 10,926 additions and 2,772 deletions.
diff --git a/bower.json b/bower.json
@@ -44,7 +44,8 @@
     "angular-sanitize": "latest",
     "moment": "latest",
     "angular-strap": "latest",
-    "datetimepicker": "latest"
+    "datetimepicker": "latest",
+    "angular-summernote": "latest"
   },
   "overrides": {
     "jquery": {
@@ -161,6 +162,9 @@
       "build/css/bootstrap-datetimepicker.min.css",
       "build/js/bootstrap-datetimepicker.min.js"
       ]
+    },
+    "angular-summernote": {
+      "main": "dist/angular-summernote.js"
     }
   },
   "resolutions": {

diff --git a/src/main/java/com/techlooper/config/CoreConfiguration.java b/src/main/java/com/techlooper/config/CoreConfiguration.java
diff --git a/src/main/java/com/techlooper/config/web/DispatcherServletInitializer.java b/src/main/java/com/techlooper/config/web/DispatcherServletInitializer.java
@@ -19,8 +19,11 @@
 import com.techlooper.config.CoreConfiguration;
 import com.techlooper.config.VnwDbConfiguration;
 import com.techlooper.config.web.sec.SecurityConfiguration;
+import com.techlooper.config.web.sec.SessionListener;
 import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
 
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
 import javax.servlet.ServletRegistration.Dynamic;
 
 public class DispatcherServletInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@@ -31,6 +34,12 @@ public class DispatcherServletInitializer extends AbstractAnnotationConfigDispat
 //  @Value("${spring.profiles.active}")
 //  private String profile;
 
+  public void onStartup(ServletContext servletContext) throws ServletException {
+    super.onStartup(servletContext);
+    servletContext.getSessionCookieConfig().setMaxAge(15770000);
+    servletContext.addListener(new SessionListener());
+  }
+
   protected Class<?>[] getRootConfigClasses() {
     return null;
   }

diff --git a/src/main/java/com/techlooper/config/web/sec/SecurityConfiguration.java b/src/main/java/com/techlooper/config/web/sec/SecurityConfiguration.java
@@ -10,10 +10,13 @@
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
+import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
 
 import javax.servlet.http.HttpServletResponse;
 import java.util.Arrays;
@@ -27,58 +30,58 @@
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 
-    @Bean
-    public AuthenticationProvider vnwAuthenticationProvider() {
-        return new VnwAuthenticationProvider();
-    }
+  @Bean
+  public AuthenticationProvider vnwAuthenticationProvider() {
+    return new VnwAuthenticationProvider();
+  }
 
-    @Bean
-    public AuthenticationProvider socialAuthenticationProvider() {
-        return new SocialAuthenticationProvider();
-    }
+  @Bean
+  public AuthenticationProvider socialAuthenticationProvider() {
+    return new SocialAuthenticationProvider();
+  }
 
-    @Bean
-    public AuthenticationProvider switchingAuthenticationProvider() {
-        SwitchingAuthenticationProvider switchingAuthenticationProvider = new SwitchingAuthenticationProvider();
-        Map<SocialProvider, AuthenticationProvider> authenticationProviders = new HashMap<>();
-        authenticationProviders.put(SocialProvider.VIETNAMWORKS, vnwAuthenticationProvider());
-        authenticationProviders.put(SocialProvider.FACEBOOK, socialAuthenticationProvider());
-        authenticationProviders.put(SocialProvider.GOOGLE, socialAuthenticationProvider());
-        switchingAuthenticationProvider.setProviders(authenticationProviders);
-        return switchingAuthenticationProvider;
-    }
+  @Bean
+  public AuthenticationProvider switchingAuthenticationProvider() {
+    SwitchingAuthenticationProvider switchingAuthenticationProvider = new SwitchingAuthenticationProvider();
+    Map<SocialProvider, AuthenticationProvider> authenticationProviders = new HashMap<>();
+    authenticationProviders.put(SocialProvider.VIETNAMWORKS, vnwAuthenticationProvider());
+    authenticationProviders.put(SocialProvider.FACEBOOK, socialAuthenticationProvider());
+    authenticationProviders.put(SocialProvider.GOOGLE, socialAuthenticationProvider());
+    switchingAuthenticationProvider.setProviders(authenticationProviders);
+    return switchingAuthenticationProvider;
+  }
 
-    @Bean
-    public AuthenticationManager authenticationManager() {
-        return new ProviderManager(Arrays.asList(switchingAuthenticationProvider()));
-    }
+  @Bean
+  public AuthenticationManager authenticationManager() {
+    return new ProviderManager(Arrays.asList(switchingAuthenticationProvider()));
+  }
 
-    protected void configure(HttpSecurity http) throws Exception {
-        http.csrf().disable()
-                .authorizeRequests()
-                .and().formLogin().loginPage("/login").usernameParameter("us").passwordParameter("pwd").successHandler(getSuccessHandler()).failureHandler(getAuthenticationFailureHandler())
-                .and().logout().logoutUrl("/logout").logoutSuccessHandler(getLogoutSuccessHandler()).invalidateHttpSession(true).deleteCookies("SESSION").permitAll()
-                .and().exceptionHandling().authenticationEntryPoint(exceptionHandler());
+  protected void configure(HttpSecurity http) throws Exception {
+    http.csrf().disable();
+    http.headers().frameOptions().disable();
+    http.authorizeRequests()
+      .and().formLogin().loginPage("/login").usernameParameter("us").passwordParameter("pwd").successHandler(getSuccessHandler()).failureHandler(getAuthenticationFailureHandler())
+      .and().logout().logoutUrl("/logout").logoutSuccessHandler(getLogoutSuccessHandler()).invalidateHttpSession(true).deleteCookies("JSESSIONID").permitAll()
+      .and().exceptionHandling().authenticationEntryPoint(exceptionHandler());
+  }
 
-    }
+  private AuthenticationEntryPoint exceptionHandler() {
+    return (request, response, authException) -> response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+  }
 
-    private AuthenticationEntryPoint exceptionHandler() {
-        return (request, response, authException) -> response.setStatus(HttpServletResponse.SC_FORBIDDEN);
-    }
+  private LogoutSuccessHandler getLogoutSuccessHandler() {
+    return (request, response, authentication) -> response.setStatus(HttpServletResponse.SC_NO_CONTENT);
+  }
 
-    private LogoutSuccessHandler getLogoutSuccessHandler() {
-        return (request, response, authentication) -> response.setStatus(HttpServletResponse.SC_NO_CONTENT);
-    }
+  private AuthenticationFailureHandler getAuthenticationFailureHandler() {
+    return (request, response, exception) -> response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+  }
 
-    private AuthenticationFailureHandler getAuthenticationFailureHandler() {
-        return (request, response, exception) -> response.setStatus(HttpServletResponse.SC_FORBIDDEN);
-    }
+  private AuthenticationSuccessHandler getSuccessHandler() {
+    return (request, response, authentication) -> response.setStatus(HttpServletResponse.SC_NO_CONTENT);
+  }
 
-    private AuthenticationSuccessHandler getSuccessHandler() {
-        return (request, response, authentication) -> response.setStatus(HttpServletResponse.SC_NO_CONTENT);
-    }
-
-    public void configure(WebSecurity web) throws Exception {
-        web.ignoring().antMatchers("/images/**", "/css/**", "/generate-resources/**", "/modules/**", "/bower_components/**", "/custom-js/**");
-    }
+  public void configure(WebSecurity web) throws Exception {
+    web.ignoring().antMatchers("/images/**", "/css/**", "/generate-resources/**", "/modules/**", "/bower_components/**", "/custom-js/**");
+  }
 }
diff --git a/src/main/java/com/techlooper/config/web/sec/SessionListener.java b/src/main/java/com/techlooper/config/web/sec/SessionListener.java
@@ -0,0 +1,17 @@
+package com.techlooper.config.web.sec;
+
+import javax.servlet.http.HttpSessionEvent;
+import javax.servlet.http.HttpSessionListener;
+
+/**
+ * Created by phuonghqh on 10/12/15.
+ */
+public class SessionListener implements HttpSessionListener {
+
+  public void sessionCreated(HttpSessionEvent event) {
+    event.getSession().setMaxInactiveInterval(15770000);
+  }
+
+  public void sessionDestroyed(HttpSessionEvent se) {
+  }
+}