authorGravatar Vitaly Takmazov2018-09-07 15:22:09 +0300
committerGravatar Vitaly Takmazov2018-09-07 15:22:09 +0300
commit8bd7c95cd756b6b2790c5470b8cf2f0a4202796c (patch)
tree512b8eebd43c296c7b88e27490fb7f9b6af2080f
parentf5b5b9edea2ce4ba7c01075f38592bebbfc8db3f (diff)
Fix hash param authentication
-rw-r--r--juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java50
1 files changed, 28 insertions, 22 deletions
diff --git a/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java
index 676de56b..883677d9 100644
--- a/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java
+++ b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java
@@ -67,24 +67,6 @@ public class SecurityConfig {
public UserDetailsService userDetailsService() {
return new JuickUserDetailsService(userService);
}
- @Bean
- public RememberMeServices rememberMeServices() throws Exception {
- TokenBasedRememberMeServices services = new TokenBasedRememberMeServices(
- rememberMeKey, userDetailsService());
-
- services.setCookieName(COOKIE_NAME);
- services.setCookieDomain(webDomain);
- services.setAlwaysRemember(true);
- services.setTokenValiditySeconds(6 * 30 * 24 * 3600);
- services.setUseSecureCookie(false); // TODO set true if https is supports
-
- return services;
- }
- @Bean
- public HashParamAuthenticationFilter hashParamAuthenticationFilter() throws Exception {
- return new HashParamAuthenticationFilter(userService, rememberMeServices());
- }
-
@Configuration
@Order(1)
@@ -102,10 +84,16 @@ public class SecurityConfig {
RememberMeServices rememberMeServices(){
return new RequestParamHashRememberMeServices(rememberMeKey, userService);
}
+ @Bean
+ public HashParamAuthenticationFilter hashParamAuthenticationFilter() {
+ return new HashParamAuthenticationFilter(userService, rememberMeServices());
+ }
@Override
protected void configure(HttpSecurity http) throws Exception {
- http.antMatcher("/api/**").authorizeRequests()
+ http.antMatcher("/api/**")
+ .addFilterBefore(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class)
+ .authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.antMatchers("/api/", "/api/messages", "/api/users", "/api/thread", "/api/tags", "/api/tlgmbtwbhk", "/api/fbwbhk",
"/api/skypebotendpoint", "/api/_fblogin", "/api/_vklogin", "/api/_tglogin", "/api/u/**", "/.well-known/webfinger").permitAll()
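Review bot: The new `@Bean public HashParamAuthenticationFilter hashParamAuthenticationFilter()` in this API configuration has the same name as the `@Bean` WebConfig gains in the next hunk, so two nested configurations of `SecurityConfig` register a bean under the single name `hashParamAuthenticationFilter`; depending on the Spring version that either fails startup with a bean-definition override error or lets the later definition silently win. Because `@Bean` methods in a `@Configuration` class are proxied to return the container's one instance, the `hashParamAuthenticationFilter()` calls in both `configure(HttpSecurity)` methods would then receive the same filter, and one chain would be wired with the other chain's `RememberMeServices` (`RequestParamHashRememberMeServices` here versus `TokenBasedRememberMeServices` in WebConfig). Since neither filter is used outside its own chain, drop `@Bean` from both methods and make them private helpers, `private HashParamAuthenticationFilter hashParamAuthenticationFilter() { return new HashParamAuthenticationFilter(userService, rememberMeServices()); }`, or give the two beans distinct names. If this runs under Spring Boot, exposing a `Filter` as a `@Bean` additionally auto-registers it with the servlet container for every request, outside the `/api/**` matcher; a `FilterRegistrationBean` with `setEnabled(false)` prevents that. `configure(HttpSecurity)` continues past the end of the hunk, and whether the `rememberMeServices()` at the top of the hunk is itself a `@Bean` is not visible here.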
@@ -155,17 +143,35 @@ public class SecurityConfig {
@Configuration
public static class WebConfig extends WebSecurityConfigurerAdapter {
- @Inject
- private RememberMeServices rememberMeServices;
@Value("${auth_remember_me_key:secret}")
private String rememberMeKey;
@Value("${web_domain:localhost}")
private String webDomain;
@Resource
private UserService userService;
+ @Inject
+ private UserDetailsService userDetailsService;
+ @Bean
+ public HashParamAuthenticationFilter hashParamAuthenticationFilter() {
+ return new HashParamAuthenticationFilter(userService, rememberMeServices());
+ }
+ @Bean
+ public RememberMeServices rememberMeServices() {
+ TokenBasedRememberMeServices services = new TokenBasedRememberMeServices(
+ rememberMeKey, userDetailsService);
+
+ services.setCookieName(COOKIE_NAME);
+ services.setCookieDomain(webDomain);
+ services.setAlwaysRemember(true);
+ services.setTokenValiditySeconds(6 * 30 * 24 * 3600);
+ services.setUseSecureCookie(false); // TODO set true if https is supports
+
+ return services;
+ }
@Override
protected void configure(HttpSecurity http) throws Exception {
http
+ .addFilterBefore(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/post2", "/comment")
.authenticated()
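Review bot: The `rememberMeServices()` bean now built inside WebConfig keeps `setUseSecureCookie(false)` next to `setAlwaysRemember(true)` and `setTokenValiditySeconds(6 * 30 * 24 * 3600)`, so every login issues a roughly 180-day remember-me cookie that the browser will also send over plain HTTP, and the TODO on that line is the only record of it. Rather than a hard-coded `false`, bind it to a property so a TLS deployment can turn it on without a code change, e.g. `@Value("${auth_secure_cookie:false}") private boolean secureCookie;` (property name is a suggestion) and `services.setUseSecureCookie(secureCookie);`. The key this services signs tokens with is `rememberMeKey`, whose fallback in the context line above is the literal `secret`; a deployment that omits the property therefore signs remember-me tokens with a key anyone can read from the source, so consider dropping the default (`@Value("${auth_remember_me_key}")`) so startup fails instead. `configure(HttpSecurity)` continues past the end of the hunk.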
@@ -192,7 +198,7 @@ public class SecurityConfig {
.and()
.rememberMe()
.rememberMeCookieDomain(webDomain).key(rememberMeKey)
- .rememberMeServices(rememberMeServices)
+ .rememberMeServices(rememberMeServices())
.and()
.csrf().disable()
.headers().defaultsDisabled().cacheControl();