HI!!
Tank you so much for your reply you know Where i insert this http.requiresChannel().anyRequest().requiresSecure() in my code?
i try to insert and i received this error:
Caused by: java.lang.IllegalStateException: Can’t configure anyRequest after itself
at org.springframework.util.Assert.state(Assert.java:73) ~[spring-core-5.2.7.RELEASE.jar!/:5.2.7.RELEASE]
at org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry.anyRequest(AbstractRequestMatcherRegistry.java:74) ~[spring-security-config-5.3.3.RELEASE.jar!/:5.3.3.RELEASE]
at br.com.neo.app.config.security.SecurityConfiguration.configure(SecurityConfiguration.java:94) ~[classes!/:0.0.1-SNAPSHOT]
@Override
protected void configure(HttpSecurity http) throws Exception {
// Not using Spring CSRF here to be able to use plain HTML for the login page
http.csrf().disable()
// Register our CustomRequestCache, that saves unauthorized access attempts, so
// the user is redirected after login.
.requestCache().requestCache(new CustomRequestCache())
// Restrict access to our application.
.and().authorizeRequests()
// Allow all flow internal requests.
.requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()
// Allow all requests by logged in users.
//TODO : fazer a checagem das ROLES
//.anyRequest().hasAnyAuthority(Role.getAllRoles())
// Configure the login page.
.and().formLogin()
.loginPage(LOGIN_URL)
.permitAll().loginProcessingUrl(LOGIN_PROCESSING_URL)
.failureUrl(LOGIN_FAILURE_URL)
// Register the success handler that redirects users to the page they last tried
// to access
.successHandler(new SessionsRegister(sessionsService))
// Configure logout
.and().logout().logoutSuccessUrl(LOGOUT_SUCCESS_URL);
}