authorGravatar Vitaly Takmazov2023-05-31 22:00:06 +0300
committerGravatar Vitaly Takmazov2023-05-31 22:24:06 +0300
commitc4c0c227205d96e436a70885611e955e6fef7746 (patch)
tree0286cf9bd1f07b5f06198135953d3067fee54fbd
parent41d02443a7a86fec3e5cf520eabeee8cfb477ca0 (diff)
Modernize spring-security configuration and minor changes
* Clean up warnings
-rw-r--r--src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java1
-rw-r--r--src/main/java/com/juick/ServerManager.java1
-rw-r--r--src/main/java/com/juick/config/SecurityConfig.java48
-rw-r--r--src/main/java/com/juick/service/EmailServiceImpl.java1
-rw-r--r--src/main/java/com/juick/util/PrettyTimeFormatter.java1
-rw-r--r--src/main/java/com/juick/www/api/ApiSocialLogin.java3
-rw-r--r--src/main/java/com/juick/www/api/activity/Profile.java1
-rw-r--r--src/main/java/com/juick/www/controllers/Help.java1
-rw-r--r--src/main/java/com/juick/www/controllers/SignUp.java1
-rw-r--r--src/main/java/com/juick/www/rss/MessagesView.java2
-rw-r--r--src/main/java/com/mitchellbosecke/pebble/extension/filters/PrettyTimeFilter.java1
-rw-r--r--src/main/java/ru/sape/SapePageLinks.java1
12 files changed, 32 insertions, 30 deletions
diff --git a/src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java b/src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java
index 138238e9..7d394945 100644
--- a/src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java
+++ b/src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java
@@ -3,7 +3,6 @@ package com.github.scribejava.apis;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.ParseException;
-import java.util.Collections;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
diff --git a/src/main/java/com/juick/ServerManager.java b/src/main/java/com/juick/ServerManager.java
index a33d7d9a..60b6010f 100644
--- a/src/main/java/com/juick/ServerManager.java
+++ b/src/main/java/com/juick/ServerManager.java
@@ -38,7 +38,6 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
-import java.util.stream.Collectors;
/**
* @author Ugnich Anton
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index 8a41ab5b..70dc19fa 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -40,7 +40,6 @@ import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.jwt.JwtDecoder;
@@ -68,6 +67,8 @@ import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Collections;
+import static org.springframework.security.config.Customizer.withDefaults;
+
/**
* Created by aalexeev on 11/21/16.
*/
@@ -81,6 +82,7 @@ public class SecurityConfig {
@Inject
private JdbcTemplate jdbcTemplate;
private static final String COOKIE_NAME = "juick-remember-me";
+
@Bean
UserDetailsService userDetailsService() {
return new JuickUserDetailsService(userService);
@@ -139,27 +141,25 @@ public class SecurityConfig {
services.setUseSecureCookie(false); // TODO set true if https is supports
return services;
}
+
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
throws Exception {
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
- .authorizationServerSettings(AuthorizationServerSettings.builder()
- .authorizationEndpoint("/oauth/authorize")
- .tokenEndpoint("/oauth/token")
- .build())
.oidc(Customizer.withDefaults());
http.cors(cors -> cors.configurationSource(corsConfigurationSource()))
// Accept access tokens for User Info and/or Client Registration
- .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
-
+ .oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults()));
return http.formLogin(Customizer.withDefaults()).build();
}
+
@Bean
public RegisteredClientRepository registeredClientRepository() {
return new JdbcRegisteredClientRepository(jdbcTemplate);
}
+
@Bean
public JWKSource<SecurityContext> jwkSource() {
RSAPublicKey publicKey = (RSAPublicKey) keystoreManager.getPublicKey();
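Review bot: The rewritten resource-server line in `authorizationServerSecurityFilterChain` uses the statically imported `withDefaults()`, but `.oidc(Customizer.withDefaults())` and `http.formLogin(Customizer.withDefaults())` in the same method keep the qualified form. Using one spelling throughout makes the chain easier to scan when auditing which configurers run with defaults, e.g. `.oidc(withDefaults());` and `return http.formLogin(withDefaults()).build();`. The hunk ends inside `jwkSource()`, so the rest of that method was not reviewed.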
@@ -171,10 +171,20 @@ public class SecurityConfig {
JWKSet jwkSet = new JWKSet(rsaKey);
return new ImmutableJWKSet<>(jwkSet);
}
+
@Bean
public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
}
+
+ @Bean
+ public AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder()
+ .authorizationEndpoint("/oauth/authorize")
+ .tokenEndpoint("/oauth/token")
+ .build();
+ }
+
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE + 1)
SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
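Review bot: The new `authorizationServerSettings()` bean sets only the two endpoint paths and no issuer, so the `iss` value in issued tokens and in the metadata is presumably resolved from the incoming request. If the service sits behind a reverse proxy, that value depends on how the Host and forwarded headers are handled. Pinning it removes the dependency, e.g. `.issuer("<issuer-url-placeholder>")` with the value taken from configuration. A short Javadoc on the bean should also say that the paths differ from the framework defaults and must stay in line with the `/oauth/**` matcher used in `apiChain`.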
@@ -194,8 +204,10 @@ public class SecurityConfig {
"/api/skypebotendpoint", "/api/_fblogin",
"/api/_vklogin", "/api/_tglogin",
"/api/_google", "/api/_applelogin", "/api/signup",
- "/api/inbox", "/api/events", "/api/u/", "/u/**", "/n/**",
- "/api/info/**", "/api/v1/apps", "/api/v1/instance", "/api/v2/instance",
+ "/api/inbox", "/api/events", "/api/u/", "/u/**",
+ "/n/**",
+ "/api/info/**", "/api/v1/apps", "/api/v1/instance",
+ "/api/v2/instance",
"/api/nodeinfo/2.0", "/oauth/**")
.permitAll()
.anyRequest().hasAnyAuthority("SCOPE_write", "ROLE_USER"))
@@ -204,36 +216,39 @@ public class SecurityConfig {
.httpBasic(httpBasic -> httpBasic
.authenticationEntryPoint(apiAuthenticationEntryPoint()))
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
- .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
+ .oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults()))
.sessionManagement(sessionManagement -> sessionManagement
.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.exceptionHandling(exceptionHandling -> exceptionHandling
.authenticationEntryPoint(apiAuthenticationEntryPoint()))
- .csrf().disable()
- .headers().defaultsDisabled().cacheControl();
+ .csrf(AbstractHttpConfigurer::disable)
+ .headers(headers -> headers.defaultsDisabled().cacheControl(withDefaults()));
return http.build();
}
+
@Bean
- SecurityFilterChain h2ConsoFilterChain(HttpSecurity http) throws Exception {
+ SecurityFilterChain h2ConsoleFilterChain(HttpSecurity http) throws Exception {
http.securityMatcher("/h2-console/**")
.authorizeHttpRequests(auth -> auth
.anyRequest().permitAll())
.anonymous(anonymous -> anonymous.principal(JuickUser.ANONYMOUS_USER)
.authorities(JuickUser.ANONYMOUS_AUTHORITY))
- .csrf().disable()
+ .csrf(AbstractHttpConfigurer::disable)
.sessionManagement(sessionManagement -> sessionManagement
.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.exceptionHandling(exceptionHandling -> exceptionHandling
.authenticationEntryPoint(apiAuthenticationEntryPoint()))
- .headers().defaultsDisabled().cacheControl();
+ .headers(headers -> headers.defaultsDisabled().cacheControl(withDefaults()));
return http.build();
}
+
@Bean
AuthenticationSuccessHandler successHandler() {
var handler = new SavedRequestAwareAuthenticationSuccessHandler();
handler.setUseReferer(true);
return handler;
}
+
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE + 2)
SecurityFilterChain wwwChain(HttpSecurity http) throws Exception {
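Review bot: `h2ConsoleFilterChain` is renamed here but, as far as this hunk shows, is still registered unconditionally, with `anyRequest().permitAll()` and CSRF disabled for `/h2-console/**`. If the console servlet is ever enabled in a deployed profile, this chain leaves the database console reachable without authentication. Consider tying the bean to the console switch, e.g. `@ConditionalOnProperty(name = "spring.h2.console.enabled", havingValue = "true")` on the method, assuming this is the Spring Boot H2 console. Unlike the other chains, it has no `@Order`, so a comment stating its intended precedence would help. `apiChain` begins before this hunk and `wwwChain` continues past it.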
@@ -263,9 +278,10 @@ public class SecurityConfig {
.rememberMe(rememberMe -> rememberMe
.rememberMeCookieDomain(webDomain).key(rememberMeKey)
.rememberMeServices(hashCookieServices()))
- .headers().defaultsDisabled().cacheControl();
+ .headers(headers -> headers.defaultsDisabled().cacheControl(withDefaults()));
return http.build();
}
+
@Bean
public SecurityFilterChain securityWebFilterChain(
HttpSecurity http) throws Exception {
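Review bot: The migrated `.headers(headers -> headers.defaultsDisabled().cacheControl(withDefaults()))` in `wwwChain` keeps every default security header except Cache-Control switched off. This chain serves the browser-facing pages with remember-me login, so nothing here sends X-Frame-Options or X-Content-Type-Options. The same call appears in `apiChain` and `h2ConsoleFilterChain` in the previous hunk, where it matters less. Unless a front proxy adds these headers, consider `.headers(headers -> headers.defaultsDisabled().cacheControl(withDefaults()).contentTypeOptions(withDefaults()).frameOptions(frame -> frame.sameOrigin()))`. `wwwChain` starts outside this hunk and `securityWebFilterChain` continues past it.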
diff --git a/src/main/java/com/juick/service/EmailServiceImpl.java b/src/main/java/com/juick/service/EmailServiceImpl.java
index 85e56a05..383dbdaf 100644
--- a/src/main/java/com/juick/service/EmailServiceImpl.java
+++ b/src/main/java/com/juick/service/EmailServiceImpl.java
@@ -24,7 +24,6 @@ import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
-import java.sql.Types;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.temporal.ChronoUnit;
diff --git a/src/main/java/com/juick/util/PrettyTimeFormatter.java b/src/main/java/com/juick/util/PrettyTimeFormatter.java
index 79240eb2..65813d93 100644
--- a/src/main/java/com/juick/util/PrettyTimeFormatter.java
+++ b/src/main/java/com/juick/util/PrettyTimeFormatter.java
@@ -20,7 +20,6 @@ package com.juick.util;
import org.ocpsoft.prettytime.PrettyTime;
import java.time.Instant;
-import java.util.Date;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
diff --git a/src/main/java/com/juick/www/api/ApiSocialLogin.java b/src/main/java/com/juick/www/api/ApiSocialLogin.java
index bf0d26bc..c8758d59 100644
--- a/src/main/java/com/juick/www/api/ApiSocialLogin.java
+++ b/src/main/java/com/juick/www/api/ApiSocialLogin.java
@@ -51,7 +51,6 @@ import org.springframework.web.util.UriComponentsBuilder;
import jakarta.annotation.PostConstruct;
import javax.inject.Inject;
import java.io.IOException;
-import java.security.GeneralSecurityException;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
@@ -72,7 +71,6 @@ public class ApiSocialLogin {
private String FACEBOOK_SECRET;
private static final String FACEBOOK_REDIRECT = "https://api.juick.com/_fblogin";
private static final String VK_REDIRECT = "https://api.juick.com/_vklogin";
- private static final String TWITTER_VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json";
@Inject
private ObjectMapper jsonMapper;
private OAuth20Service facebookAuthService, vkAuthService, appleSignInService;
@@ -104,7 +102,6 @@ public class ApiSocialLogin {
@PostConstruct
public void init() {
ServiceBuilder facebookBuilder = new ServiceBuilder(FACEBOOK_APPID);
- ServiceBuilder twitterBuilder = new ServiceBuilder(twitterConsumerKey);
ServiceBuilder vkBuilder = new ServiceBuilder(VK_APPID);
facebookAuthService = facebookBuilder
.apiSecret(FACEBOOK_SECRET)
diff --git a/src/main/java/com/juick/www/api/activity/Profile.java b/src/main/java/com/juick/www/api/activity/Profile.java
index a8ff003f..0a6726ee 100644
--- a/src/main/java/com/juick/www/api/activity/Profile.java
+++ b/src/main/java/com/juick/www/api/activity/Profile.java
@@ -74,7 +74,6 @@ import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.List;
-import java.util.NoSuchElementException;
import java.util.stream.Stream;
@RestController
diff --git a/src/main/java/com/juick/www/controllers/Help.java b/src/main/java/com/juick/www/controllers/Help.java
index ec60d7df..ae722594 100644
--- a/src/main/java/com/juick/www/controllers/Help.java
+++ b/src/main/java/com/juick/www/controllers/Help.java
@@ -27,7 +27,6 @@ import org.commonmark.renderer.html.HtmlRenderer;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PathVariable;
import javax.inject.Inject;
diff --git a/src/main/java/com/juick/www/controllers/SignUp.java b/src/main/java/com/juick/www/controllers/SignUp.java
index 87182ebd..50ce6955 100644
--- a/src/main/java/com/juick/www/controllers/SignUp.java
+++ b/src/main/java/com/juick/www/controllers/SignUp.java
@@ -34,7 +34,6 @@ import org.springframework.security.web.authentication.rememberme.AbstractRememb
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
diff --git a/src/main/java/com/juick/www/rss/MessagesView.java b/src/main/java/com/juick/www/rss/MessagesView.java
index d6edeb28..cb4eea2e 100644
--- a/src/main/java/com/juick/www/rss/MessagesView.java
+++ b/src/main/java/com/juick/www/rss/MessagesView.java
@@ -24,8 +24,6 @@ import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
-import java.util.stream.Collectors;
-
import javax.inject.Inject;
import com.juick.model.Attachment;
diff --git a/src/main/java/com/mitchellbosecke/pebble/extension/filters/PrettyTimeFilter.java b/src/main/java/com/mitchellbosecke/pebble/extension/filters/PrettyTimeFilter.java
index e3708e2a..10761632 100644
--- a/src/main/java/com/mitchellbosecke/pebble/extension/filters/PrettyTimeFilter.java
+++ b/src/main/java/com/mitchellbosecke/pebble/extension/filters/PrettyTimeFilter.java
@@ -23,7 +23,6 @@ import io.pebbletemplates.pebble.template.EvaluationContext;
import io.pebbletemplates.pebble.template.PebbleTemplate;
import java.time.Instant;
-import java.util.Date;
import java.util.List;
import java.util.Locale;
import java.util.Map;
diff --git a/src/main/java/ru/sape/SapePageLinks.java b/src/main/java/ru/sape/SapePageLinks.java
index c9eeeb6f..4352d5c7 100644
--- a/src/main/java/ru/sape/SapePageLinks.java
+++ b/src/main/java/ru/sape/SapePageLinks.java
@@ -23,7 +23,6 @@ import org.apache.commons.lang3.StringUtils;
import java.net.URI;
import java.util.Collections;
import java.util.List;
-import java.util.stream.Collectors;
public class SapePageLinks {