juick-api: add hash-based authentication filter

1 files changed, 7 insertions, 1 deletions

diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index d7904199..cd5e3bbc 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -12,6 +12,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 import javax.inject.Inject;
 
@@ -33,7 +34,8 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
+        http.addFilterBefore(getJuickHashFilter(), UsernamePasswordAuthenticationFilter.class)
+                .authorizeRequests()
                 .antMatchers(HttpMethod.OPTIONS).permitAll()
                 .anyRequest().hasRole("USER")
                 .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
@@ -49,4 +51,8 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
     public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
         return new JuickAuthenticationEntryPoint();
     }
+    @Bean
+    public JuickHashFilter getJuickHashFilter() {
+        return new JuickHashFilter();
+    }
 }