Merge pull request #134 from MichiBaum/develop

Set session management to stateless across all services.

admin-service/src/main/kotlin/com/michibaum/admin_service/security/SecurityConfiguration.kt

@@ -7,6 +7,7 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
@@ -31,6 +32,8 @@ class SecurityConfiguration {
             .formLogin { formLoginSpec -> formLoginSpec.disable() }
             .csrf { csrfSpec -> csrfSpec.disable() }
             .logout { logoutSpec -> logoutSpec.disable() }
+            .sessionManagement { sessionManagementSpec -> sessionManagementSpec.sessionCreationPolicy(
+                SessionCreationPolicy.STATELESS) }
             .build()
     }
 

authentication-library/src/main/kotlin/com/michibaum/authentication_library/security/ServletAuthenticationFilter.kt

@@ -45,10 +45,7 @@ class ServletAuthenticationFilter(private val authenticationManager: Authenticat
                 filterChain.doFilter(request, response)
                 return
             }
-            val session = request.getSession(false)
-            if (session != null) {
-                request.changeSessionId()
-            }
+
             successfulAuthentication(request, response, filterChain, authenticationResult)
         } catch (ex: AuthenticationException) {
             unsuccessfulAuthentication(request, response, ex)

authentication-service/src/main/kotlin/com/michibaum/authentication_service/security/SecurityConfiguration.kt

@@ -7,6 +7,7 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
@@ -40,6 +41,7 @@ class SecurityConfiguration {
             .formLogin { formLoginSpec -> formLoginSpec.disable() }
             .csrf { csrfSpec -> csrfSpec.disable() }
             .logout { logoutSpec -> logoutSpec.disable() }
+            .sessionManagement { sessionManagementSpec -> sessionManagementSpec.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
             .build()
     }
 

chess-service/src/main/kotlin/com/michibaum/chess_service/security/SecurityConfiguration.kt

@@ -8,6 +8,7 @@ import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
@@ -44,6 +45,8 @@ class SecurityConfiguration {
             .formLogin { formLoginSpec -> formLoginSpec.disable() }
             .csrf { csrfSpec -> csrfSpec.disable() }
             .logout { logoutSpec -> logoutSpec.disable() }
+            .sessionManagement { sessionManagementSpec -> sessionManagementSpec.sessionCreationPolicy(
+                SessionCreationPolicy.STATELESS) }
             .build()
     }
 

fitness-service/src/main/kotlin/com/michibaum/fitness_service/security/SecurityConfiguration.kt

@@ -7,6 +7,7 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
@@ -38,6 +39,8 @@ class SecurityConfiguration {
             .formLogin { formLoginSpec -> formLoginSpec.disable() }
             .csrf { csrfSpec -> csrfSpec.disable() }
             .logout { logoutSpec -> logoutSpec.disable() }
+            .sessionManagement { sessionManagementSpec -> sessionManagementSpec.sessionCreationPolicy(
+                SessionCreationPolicy.STATELESS) }
             .build()
     }
 

music-service/src/main/kotlin/com/michibaum/music_service/security/SecurityConfiguration.kt

@@ -7,6 +7,7 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
@@ -38,6 +39,8 @@ class SecurityConfiguration {
             .formLogin { formLoginSpec -> formLoginSpec.disable() }
             .csrf { csrfSpec -> csrfSpec.disable() }
             .logout { logoutSpec -> logoutSpec.disable() }
+            .sessionManagement { sessionManagementSpec -> sessionManagementSpec.sessionCreationPolicy(
+                SessionCreationPolicy.STATELESS) }
             .build()
     }
 

registry-service/src/main/kotlin/com/michibaum/registry_service/security/SecurityConfiguration.kt

@@ -7,6 +7,7 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
@@ -34,6 +35,8 @@ class SecurityConfiguration {
             .formLogin { formLoginSpec -> formLoginSpec.disable() }
             .csrf { csrfSpec -> csrfSpec.disable() }
             .logout { logoutSpec -> logoutSpec.disable() }
+            .sessionManagement { sessionManagementSpec -> sessionManagementSpec.sessionCreationPolicy(
+                SessionCreationPolicy.STATELESS) }
             .build()
     }
 

usermanagement-service/src/main/kotlin/com/michibaum/usermanagement_service/security/SecurityConfiguration.kt

@@ -8,6 +8,7 @@ import org.springframework.http.HttpMethod.POST
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
@@ -34,6 +35,8 @@ class SecurityConfiguration {
             .formLogin { formLoginSpec -> formLoginSpec.disable() }
             .csrf { csrfSpec -> csrfSpec.disable() }
             .logout { logoutSpec -> logoutSpec.disable() }
+            .sessionManagement { sessionManagementSpec -> sessionManagementSpec.sessionCreationPolicy(
+                SessionCreationPolicy.STATELESS) }
             .build()
     }
 

website-service/src/main/kotlin/com/michibaum/websiteservice/security/SecurityConfiguration.kt

@@ -7,6 +7,7 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
@@ -34,6 +35,8 @@ class SecurityConfiguration {
             .formLogin { formLoginSpec -> formLoginSpec.disable() }
             .csrf { csrfSpec -> csrfSpec.disable() }
             .logout { logoutSpec -> logoutSpec.disable() }
+            .sessionManagement { sessionManagementSpec -> sessionManagementSpec.sessionCreationPolicy(
+                SessionCreationPolicy.STATELESS) }
             .build()
     }