diff options
author | Vitaly Takmazov | 2017-03-29 14:36:47 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2017-03-29 14:54:18 +0300 |
commit | 3bfe5d94da692fd4d388c29903f7d50117904950 (patch) | |
tree | d4b5e020b64f4949da8fa2570f9aa97bfed1aaa4 | |
parent | 9f770c26d1e4f392d591bf35886e3dcc7371d64f (diff) |
juick-www: fix hash-based auth
-rw-r--r-- | juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java | 33 | ||||
-rw-r--r-- | juick-xmpp/src/main/java/com/juick/components/s2s/JuickBot.java | 2 | ||||
-rw-r--r-- | readme.txt | 2 |
3 files changed, 28 insertions, 9 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java index 9d603da8..2b8dc292 100644 --- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java +++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java @@ -3,12 +3,15 @@ package com.juick.www.configuration; import com.juick.server.security.entities.JuickUser; import com.juick.service.UserService; import com.juick.service.security.JuickUserDetailsService; +import com.juick.service.security.deprecated.RequestParamHashRememberMeServices; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; -import org.springframework.core.env.Environment; +import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.web.authentication.RememberMeServices; import javax.annotation.Resource; @@ -17,8 +20,10 @@ import javax.annotation.Resource; */ @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { - @Resource - private Environment env; + @Value("${auth_remember_me_key}") + private String rememberMeKey; + @Value("${web_domain:juick.com}") + private String webDomain; @Resource private UserService userService; @@ -54,10 +59,24 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { .tokenValiditySeconds(6 * 30 * 24 * 3600) .alwaysRemember(true) //.useSecureCookie(true) // TODO Enable if https is supports - .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com")) + .rememberMeCookieDomain(webDomain) .userDetailsService(userDetailsServiceBean()) - .key(env.getProperty("auth_remember_me_key")) - .and() - .csrf().disable(); + .rememberMeServices(rememberMeServices()) + .key(rememberMeKey) + .and().authenticationProvider(authenticationProvider()) + .headers().defaultsDisabled().cacheControl(); + } + @Bean + public DaoAuthenticationProvider authenticationProvider() { + DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider(); + + authenticationProvider.setUserDetailsService(userDetailsService()); + + return authenticationProvider; + } + + @Bean + public RememberMeServices rememberMeServices() throws Exception { + return new RequestParamHashRememberMeServices(rememberMeKey, userService); } } diff --git a/juick-xmpp/src/main/java/com/juick/components/s2s/JuickBot.java b/juick-xmpp/src/main/java/com/juick/components/s2s/JuickBot.java index 3242803a..c6e9b1c7 100644 --- a/juick-xmpp/src/main/java/com/juick/components/s2s/JuickBot.java +++ b/juick-xmpp/src/main/java/com/juick/components/s2s/JuickBot.java @@ -321,7 +321,7 @@ public class JuickBot implements StanzaListener, AutoCloseable { } private void commandLogin(Message m, User user_from) { - sendReply(m.getFrom(), "http://juick.com/login?" + xmpp.userService.getHashByUID(user_from.getUid())); + sendReply(m.getFrom(), "http://juick.com/login?hash=" + xmpp.userService.getHashByUID(user_from.getUid())); } private void commandPM(Message m, User user_from, String user_to, String body) { @@ -27,7 +27,7 @@ mysql -u user -p ./gradlew :juick-www:appRun -http://localhost:8080/login?fuckthisverymuch +http://localhost:8080/login?hash=fuckthisverymuch чтобы работал юникод, в ~/.my.cnf добавить: |