authorGravatar Vitaly Takmazov2023-01-06 09:42:13 +0300
committerGravatar Vitaly Takmazov2023-01-06 09:42:13 +0300
commita5686d4be2a0e82deeaedcd4194a732759832578 (patch)
treefbbeb810abf8c06f2d3e9323dd7fb89cbcea1540 /src/main/java/com/juick/config/SecurityConfig.java
parent67235435df5f7c8153696c4d9200d82da5d4325f (diff)
Mastodon API: timelines and minor fixes
Diffstat (limited to 'src/main/java/com/juick/config/SecurityConfig.java')
-rw-r--r--src/main/java/com/juick/config/SecurityConfig.java17
1 files changed, 9 insertions, 8 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index 7fada80b..47033c11 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -52,7 +52,10 @@ import org.springframework.security.oauth2.server.authorization.config.annotatio
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.*;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@@ -81,6 +84,8 @@ public class SecurityConfig {
@Inject
private JdbcTemplate jdbcTemplate;
private static final String COOKIE_NAME = "juick-remember-me";
+ @Value("${ap_base_uri:http://localhost:8080/}")
+ private String baseUri;
@Bean
UserDetailsService userDetailsService() {
return new JuickUserDetailsService(userService);
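Review bot: The new `baseUri` field is not read by any line this commit adds to the file, and its fallback `http://localhost:8080/` is a plain-HTTP loopback address. If the value is later meant to feed the authorization server's issuer or a redirect target (an assumption, nothing here shows it), a deployment that omits `ap_base_uri` would silently publish that default instead of failing at startup. Either drop the field until something uses it, or state the intent with a comment such as `// public base URL of this instance; must be https outside local development`, and consider `@Value("${ap_base_uri}")` without a default where a missing setting should be an error. The class body continues outside this hunk.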
@@ -148,6 +153,8 @@ public class SecurityConfig {
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
throws Exception {
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
+ var loginUrlAuthenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
+ loginUrlAuthenticationEntryPoint.setForceHttps(true);
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
.authorizationServerSettings(AuthorizationServerSettings.builder()
.authorizationEndpoint("/oauth/authorize")
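Review bot: `setForceHttps(true)` only upgrades the `/login` redirect when the entry point's port mapper knows an HTTPS port for the port the request arrived on. As far as I recall the stock mapping covers 80→443 and 8080→8443, and for any other port the redirect stays on HTTP with nothing more than a logged warning. Behind a TLS-terminating proxy the opposite failure is possible: a redirect to a port such as 8443 that nothing serves. It would help to record the deployment assumption next to the call, e.g. `// login must be reached over TLS; relies on the PortMapper (or forwarded headers) resolving the public HTTPS port`, and to pass an explicit mapping through `loginUrlAuthenticationEntryPoint.setPortMapper(...)` if the application listens on a port outside the defaults. The method body continues past the end of this hunk.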
@@ -158,7 +165,7 @@ public class SecurityConfig {
// Redirect to the login page when not authenticated from the
// authorization endpoint
.exceptionHandling((exceptions) -> exceptions
- .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
+ .authenticationEntryPoint(loginUrlAuthenticationEntryPoint)
)
// Accept access tokens for User Info and/or Client Registration
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
@@ -169,7 +176,6 @@ public class SecurityConfig {
public RegisteredClientRepository registeredClientRepository() {
return new JdbcRegisteredClientRepository(jdbcTemplate);
}
-
@Bean
public JWKSource<SecurityContext> jwkSource() {
RSAPublicKey publicKey = (RSAPublicKey) keystoreManager.getPublicKey();
@@ -186,11 +192,6 @@ public class SecurityConfig {
return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
}
@Bean
- public AuthorizationServerSettings authorizationServerSettings() {
- return AuthorizationServerSettings.builder().build();
- }
-
- @Bean
@Order(Ordered.HIGHEST_PRECEDENCE + 1)
SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
http.securityMatcher("/api/**", "/u/**", "/n/**")