aboutsummaryrefslogtreecommitdiff
path: root/juick-server/src/main/java/com/juick
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2018-09-07 15:22:09 +0300
committerGravatar Vitaly Takmazov2018-09-07 15:22:09 +0300
commit8bd7c95cd756b6b2790c5470b8cf2f0a4202796c (patch)
tree512b8eebd43c296c7b88e27490fb7f9b6af2080f /juick-server/src/main/java/com/juick
parentf5b5b9edea2ce4ba7c01075f38592bebbfc8db3f (diff)
Fix hash param authentication
Diffstat (limited to 'juick-server/src/main/java/com/juick')
-rw-r--r--juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java50
1 files changed, 28 insertions, 22 deletions
diff --git a/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java
index 676de56b..883677d9 100644
--- a/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java
+++ b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java
@@ -67,24 +67,6 @@ public class SecurityConfig {
public UserDetailsService userDetailsService() {
return new JuickUserDetailsService(userService);
}
- @Bean
- public RememberMeServices rememberMeServices() throws Exception {
- TokenBasedRememberMeServices services = new TokenBasedRememberMeServices(
- rememberMeKey, userDetailsService());
-
- services.setCookieName(COOKIE_NAME);
- services.setCookieDomain(webDomain);
- services.setAlwaysRemember(true);
- services.setTokenValiditySeconds(6 * 30 * 24 * 3600);
- services.setUseSecureCookie(false); // TODO set true if https is supports
-
- return services;
- }
- @Bean
- public HashParamAuthenticationFilter hashParamAuthenticationFilter() throws Exception {
- return new HashParamAuthenticationFilter(userService, rememberMeServices());
- }
-
@Configuration
@Order(1)
@@ -102,10 +84,16 @@ public class SecurityConfig {
RememberMeServices rememberMeServices(){
return new RequestParamHashRememberMeServices(rememberMeKey, userService);
}
+ @Bean
+ public HashParamAuthenticationFilter hashParamAuthenticationFilter() {
+ return new HashParamAuthenticationFilter(userService, rememberMeServices());
+ }
@Override
protected void configure(HttpSecurity http) throws Exception {
- http.antMatcher("/api/**").authorizeRequests()
+ http.antMatcher("/api/**")
+ .addFilterBefore(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class)
+ .authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.antMatchers("/api/", "/api/messages", "/api/users", "/api/thread", "/api/tags", "/api/tlgmbtwbhk", "/api/fbwbhk",
"/api/skypebotendpoint", "/api/_fblogin", "/api/_vklogin", "/api/_tglogin", "/api/u/**", "/.well-known/webfinger").permitAll()
@@ -155,17 +143,35 @@ public class SecurityConfig {
@Configuration
public static class WebConfig extends WebSecurityConfigurerAdapter {
- @Inject
- private RememberMeServices rememberMeServices;
@Value("${auth_remember_me_key:secret}")
private String rememberMeKey;
@Value("${web_domain:localhost}")
private String webDomain;
@Resource
private UserService userService;
+ @Inject
+ private UserDetailsService userDetailsService;
+ @Bean
+ public HashParamAuthenticationFilter hashParamAuthenticationFilter() {
+ return new HashParamAuthenticationFilter(userService, rememberMeServices());
+ }
+ @Bean
+ public RememberMeServices rememberMeServices() {
+ TokenBasedRememberMeServices services = new TokenBasedRememberMeServices(
+ rememberMeKey, userDetailsService);
+
+ services.setCookieName(COOKIE_NAME);
+ services.setCookieDomain(webDomain);
+ services.setAlwaysRemember(true);
+ services.setTokenValiditySeconds(6 * 30 * 24 * 3600);
+ services.setUseSecureCookie(false); // TODO set true if https is supports
+
+ return services;
+ }
@Override
protected void configure(HttpSecurity http) throws Exception {
http
+ .addFilterBefore(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/post2", "/comment")
.authenticated()
@@ -192,7 +198,7 @@ public class SecurityConfig {
.and()
.rememberMe()
.rememberMeCookieDomain(webDomain).key(rememberMeKey)
- .rememberMeServices(rememberMeServices)
+ .rememberMeServices(rememberMeServices())
.and()
.csrf().disable()
.headers().defaultsDisabled().cacheControl();