permit all for /users and /messages;

UserService on SimpleRememberMeService replaced by NullUserDetailsService

3 files changed, 20 insertions, 4 deletions

diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index 8da51f5a..46e1725b 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -43,6 +43,7 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) throws Exception {
         http.authorizeRequests()
                 .antMatchers(HttpMethod.OPTIONS).permitAll()
+                .antMatchers("/messages", "/users").permitAll()
                 .anyRequest().hasRole("USER")
                 .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
                 .and().anonymous()
@@ -76,7 +77,7 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Bean
     public RememberMeServices rememberMeServices() throws Exception {
-        return new SimpleRememberMeServices(env.getProperty("auth_remember_me_key"), userDetailsService(), userService, env);
+        return new SimpleRememberMeServices(env.getProperty("auth_remember_me_key"), userService, env);
     }
 
     @Bean
diff --git a/juick-server/src/main/java/com/juick/service/security/NullUserDetailsService.java b/juick-server/src/main/java/com/juick/service/security/NullUserDetailsService.java
new file mode 100644
index 00000000..49e9effc
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/service/security/NullUserDetailsService.java
@@ -0,0 +1,16 @@
+package com.juick.service.security;
+
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+/**
+ * Created by aalexeev on 11/28/16.
+ */
+public class NullUserDetailsService implements UserDetailsService {
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        throw new UsernameNotFoundException(
+                "loadUserByUsername called for NullUserDetailsService, user " + username + "can not be found");
+    }
+}
diff --git a/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java b/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java
index d5d54005..2a28866c 100644
--- a/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java
+++ b/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java
@@ -8,7 +8,6 @@ import org.apache.commons.lang3.StringUtils;
 import org.springframework.core.env.Environment;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
@@ -27,8 +26,8 @@ public class SimpleRememberMeServices extends AbstractRememberMeServices impleme
     private final UserService userService;
 
     public SimpleRememberMeServices(
-            final String key, final UserDetailsService userDetailsService, final UserService userService, final Environment environment) {
-        super(key, userDetailsService);
+            final String key, final UserService userService, final Environment environment) {
+        super(key, new NullUserDetailsService());
 
         Assert.notNull(userService);
         Assert.notNull(environment);