marcel/mealprep
1
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(auth): add comments, clearContext on logout, explain session auth

Browse Source 
- Add comment to SecurityConfig explaining why CSRF is disabled
- Add SecurityContextHolder.clearContext() to logout for clean thread state
- Add Javadoc on authenticateInSession() explaining manual session setup

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marcel Raddatz
2026-04-02 18:52:16 +02:00
parent 61249af086
commit 93ce1eaeac
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/src/main/java/com/recipeapp/auth/AuthController.java
View File

@@ -50,6 +50,11 @@ public class AuthController {
return ResponseEntity.ok(ApiResponse.success(user));
}
/**
* Creates an authenticated Spring Security context and stores it in the HTTP session
* so that subsequent requests from the same session are recognised as authenticated.
* We do this manually because we are not using Spring Security's built-in form login.
*/
private void authenticateInSession(String email, String role, HttpServletRequest request) {
var auth = UsernamePasswordAuthenticationToken.authenticated(
email, null, List.of(new SimpleGrantedAuthority("ROLE_" + role.toUpperCase())));
@@ -66,6 +71,7 @@ public class AuthController {
if (session != null) {
session.invalidate();
}
SecurityContextHolder.clearContext();
return ResponseEntity.noContent().build();
}