Set HttpOnly and Secure response

#186292877

src/main/java/formflow/library/config/WebSecurityConfiguration.java

@@ -0,0 +1,28 @@
+package formflow.library.config;
+
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.session.web.http.DefaultCookieSerializer;
+
+
+/**
+ * Security features managed by Form-flow library
+ */
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfiguration {
+
+    /**
+     * Sets session cookies to HttpOny and Secure
+     * @return serializer with updated cookie settings
+     */
+    @Bean
+    public DefaultCookieSerializer setDefaultSecurityCookie(){
+        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
+        serializer.setUseSecureCookie(true);
+        serializer.setUseHttpOnlyCookie(true);
+        return serializer;
+    }
+}

src/test/java/formflow/library/config/SecurityConfiguration.java

@@ -7,20 +7,11 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.session.web.http.DefaultCookieSerializer;
 import org.springframework.web.filter.ForwardedHeaderFilter;
 
 @Configuration
 @EnableWebSecurity
 public class SecurityConfiguration {
-
-    @Bean
-    public DefaultCookieSerializer setDefaultSecurityCookie(){
-        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
-        serializer.setUseSecureCookie(true);
-        serializer.setUseHttpOnlyCookie(true);
-        return serializer;
-    }
     @Bean
     SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
         httpSecurity.formLogin(AbstractHttpConfigurer::disable);