aboutsummaryrefslogtreecommitdiff
path: root/juick-www/src/main/java/com/juick/www/configuration
diff options
context:
space:
mode:
authorGravatar Alexander Alexeev2017-04-05 17:36:38 +0700
committerGravatar Vitaly Takmazov2017-04-05 14:02:56 +0300
commita9a2c587a4de11ce04aaae7a0c1a5dab1430794a (patch)
treebd86b40c1fefc10b3fa30d370ce0cdee5ba4ee06 /juick-www/src/main/java/com/juick/www/configuration
parent4c99585f95cda1839f364524b6f68a16d063ed61 (diff)
login by hash, remember-me
Diffstat (limited to 'juick-www/src/main/java/com/juick/www/configuration')
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java41
1 files changed, 29 insertions, 12 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 2b8dc292..3c674d0c 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -1,17 +1,20 @@
package com.juick.www.configuration;
+import com.juick.server.security.HashParamAuthenticationFilter;
import com.juick.server.security.entities.JuickUser;
import com.juick.service.UserService;
import com.juick.service.security.JuickUserDetailsService;
-import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
+import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import javax.annotation.Resource;
@@ -33,8 +36,15 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
return new JuickUserDetailsService(userService);
}
+ @Bean("authenticationManager")
+ @Override
+ public AuthenticationManager authenticationManagerBean() throws Exception {
+ return super.authenticationManagerBean();
+ }
+
@Override
protected void configure(HttpSecurity http) throws Exception {
+ http.addFilterAfter(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class);
http
.authorizeRequests()
.antMatchers("/settings", "/pm/**").authenticated()
@@ -44,7 +54,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.and()
.sessionManagement().invalidSessionUrl("/")
.and()
- .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
+ .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/login?logout")
.and()
.formLogin()
.loginPage("/login")
@@ -53,30 +63,37 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.loginProcessingUrl("/login")
.usernameParameter("username")
.passwordParameter("password")
- .failureUrl("/login-error")
+ .failureUrl("/login?error=1")
.and()
.rememberMe()
.tokenValiditySeconds(6 * 30 * 24 * 3600)
.alwaysRemember(true)
//.useSecureCookie(true) // TODO Enable if https is supports
- .rememberMeCookieDomain(webDomain)
+ .rememberMeCookieDomain(webDomain).key(rememberMeKey)
.userDetailsService(userDetailsServiceBean())
- .rememberMeServices(rememberMeServices())
- .key(rememberMeKey)
- .and().authenticationProvider(authenticationProvider())
+ .and()
+ .csrf().disable()
+ .authenticationProvider(authenticationProvider())
.headers().defaultsDisabled().cacheControl();
}
+
@Bean
- public DaoAuthenticationProvider authenticationProvider() {
+ public DaoAuthenticationProvider authenticationProvider() throws Exception {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
- authenticationProvider.setUserDetailsService(userDetailsService());
+ authenticationProvider.setUserDetailsService(userDetailsServiceBean());
return authenticationProvider;
}
@Bean
- public RememberMeServices rememberMeServices() throws Exception {
- return new RequestParamHashRememberMeServices(rememberMeKey, userService);
+ public HashParamAuthenticationFilter hashParamAuthenticationFilter() {
+ return new HashParamAuthenticationFilter(userService);
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ web.debug(false);
+ web.ignoring().antMatchers("/style.css*", "/scripts.js*");
}
}