SecurityConfig.java

http
         .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
         .servletApi()
            .and()
         .formLogin()
            .loginPage("/giris")
            .successHandler(simpleUrlAuthenticationHandler)
            .failureHandler(simpleUrlAuthenticationHandler)
            .permitAll()
            .and()
         .rememberMe()
            .key(rememberMeService.getKey())
            .rememberMeServices(rememberMeService)
            .and()
         .logout()
            .logoutUrl("/cikis")
            .logoutSuccessUrl("/cikis-basarili")
            .permitAll()
            .and()
         .csrf().disable()
         .headers()
            .xssProtection()
            .cacheControl()
            .httpStrictTransportSecurity()
            .addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN))
            .and()
         .requiresChannel()
            .antMatchers("/odeme/reklamsiz/kredikarti")
            .requiresSecure()
            .and()
         .addFilterAfter(new PrincipalFromAuthenticationFilter(applicationEventPublisher), SecurityContextHolderAwareRequestFilter.class)
         .addFilterAfter(new PrincipalModifiedFilter(principalModifierService, authenticationManagerBean()), SecurityContextHolderAwareRequestFilter.class)
         .authorizeRequests()
            .antMatchers(annotationProcessor.process(RequireLogin.class)).authenticated()
            .antMatchers("/*").permitAll();