authorGravatar Vitaly Takmazov2017-03-29 14:36:47 +0300
committerGravatar Vitaly Takmazov2017-03-29 14:54:18 +0300
commit3bfe5d94da692fd4d388c29903f7d50117904950 (patch)
treed4b5e020b64f4949da8fa2570f9aa97bfed1aaa4 /juick-www/src/main/java/com/juick
parent9f770c26d1e4f392d591bf35886e3dcc7371d64f (diff)
juick-www: fix hash-based auth
Diffstat (limited to 'juick-www/src/main/java/com/juick')
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java33
1 files changed, 26 insertions, 7 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 9d603da8..2b8dc292 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -3,12 +3,15 @@ package com.juick.www.configuration;
import com.juick.server.security.entities.JuickUser;
import com.juick.service.UserService;
import com.juick.service.security.JuickUserDetailsService;
+import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
-import org.springframework.core.env.Environment;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.RememberMeServices;
import javax.annotation.Resource;
@@ -17,8 +20,10 @@ import javax.annotation.Resource;
*/
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
- @Resource
- private Environment env;
+ @Value("${auth_remember_me_key}")
+ private String rememberMeKey;
+ @Value("${web_domain:juick.com}")
+ private String webDomain;
@Resource
private UserService userService;
@@ -54,10 +59,24 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.tokenValiditySeconds(6 * 30 * 24 * 3600)
.alwaysRemember(true)
//.useSecureCookie(true) // TODO Enable if https is supports
- .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com"))
+ .rememberMeCookieDomain(webDomain)
.userDetailsService(userDetailsServiceBean())
- .key(env.getProperty("auth_remember_me_key"))
- .and()
- .csrf().disable();
+ .rememberMeServices(rememberMeServices())
+ .key(rememberMeKey)
+ .and().authenticationProvider(authenticationProvider())
+ .headers().defaultsDisabled().cacheControl();
+ }
+ @Bean
+ public DaoAuthenticationProvider authenticationProvider() {
+ DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
+
+ authenticationProvider.setUserDetailsService(userDetailsService());
+
+ return authenticationProvider;
+ }
+
+ @Bean
+ public RememberMeServices rememberMeServices() throws Exception {
+ return new RequestParamHashRememberMeServices(rememberMeKey, userService);
}
}
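Review bot: The new tail of the chain, `.headers().defaultsDisabled().cacheControl()`, switches off every default security response header and re-enables only cache control, so responses lose `X-Content-Type-Options: nosniff` and the `X-Frame-Options` framing protection. If only some defaults were unwanted, re-enable the rest explicitly, e.g. `.headers().defaultsDisabled().cacheControl().and().contentTypeOptions().and().frameOptions().sameOrigin();`. Separately, now that a custom `rememberMeServices(...)` is supplied, the `tokenValiditySeconds`, `alwaysRemember` and `rememberMeCookieDomain` settings above it most likely no longer apply, because the configurer appears to use the supplied service as-is; if they are still wanted they should be set on the `RequestParamHashRememberMeServices` instance. Judging only by its name and its `deprecated` package, that service accepts a login hash as a request parameter, and such values tend to end up in access logs, browser history and Referer headers, so a comment stating the planned removal and how the hash is kept out of logged URLs would help. The `configure` method begins outside this hunk.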