aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/com/juick/config/SecurityConfig.java
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2023-05-31 22:00:06 +0300
committerGravatar Vitaly Takmazov2023-05-31 22:24:06 +0300
commitc4c0c227205d96e436a70885611e955e6fef7746 (patch)
tree0286cf9bd1f07b5f06198135953d3067fee54fbd /src/main/java/com/juick/config/SecurityConfig.java
parent41d02443a7a86fec3e5cf520eabeee8cfb477ca0 (diff)
Modernize spring-security configuration and minor changes
* Clean up warnings
Diffstat (limited to 'src/main/java/com/juick/config/SecurityConfig.java')
-rw-r--r--src/main/java/com/juick/config/SecurityConfig.java48
1 files changed, 32 insertions, 16 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index 8a41ab5b..70dc19fa 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -40,7 +40,6 @@ import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.jwt.JwtDecoder;
@@ -68,6 +67,8 @@ import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Collections;
+import static org.springframework.security.config.Customizer.withDefaults;
+
/**
* Created by aalexeev on 11/21/16.
*/
@@ -81,6 +82,7 @@ public class SecurityConfig {
@Inject
private JdbcTemplate jdbcTemplate;
private static final String COOKIE_NAME = "juick-remember-me";
+
@Bean
UserDetailsService userDetailsService() {
return new JuickUserDetailsService(userService);
@@ -139,27 +141,25 @@ public class SecurityConfig {
services.setUseSecureCookie(false); // TODO set true if https is supports
return services;
}
+
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
throws Exception {
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
- .authorizationServerSettings(AuthorizationServerSettings.builder()
- .authorizationEndpoint("/oauth/authorize")
- .tokenEndpoint("/oauth/token")
- .build())
.oidc(Customizer.withDefaults());
http.cors(cors -> cors.configurationSource(corsConfigurationSource()))
// Accept access tokens for User Info and/or Client Registration
- .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
-
+ .oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults()));
return http.formLogin(Customizer.withDefaults()).build();
}
+
@Bean
public RegisteredClientRepository registeredClientRepository() {
return new JdbcRegisteredClientRepository(jdbcTemplate);
}
+
@Bean
public JWKSource<SecurityContext> jwkSource() {
RSAPublicKey publicKey = (RSAPublicKey) keystoreManager.getPublicKey();
@@ -171,10 +171,20 @@ public class SecurityConfig {
JWKSet jwkSet = new JWKSet(rsaKey);
return new ImmutableJWKSet<>(jwkSet);
}
+
@Bean
public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
}
+
+ @Bean
+ public AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder()
+ .authorizationEndpoint("/oauth/authorize")
+ .tokenEndpoint("/oauth/token")
+ .build();
+ }
+
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE + 1)
SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
@@ -194,8 +204,10 @@ public class SecurityConfig {
"/api/skypebotendpoint", "/api/_fblogin",
"/api/_vklogin", "/api/_tglogin",
"/api/_google", "/api/_applelogin", "/api/signup",
- "/api/inbox", "/api/events", "/api/u/", "/u/**", "/n/**",
- "/api/info/**", "/api/v1/apps", "/api/v1/instance", "/api/v2/instance",
+ "/api/inbox", "/api/events", "/api/u/", "/u/**",
+ "/n/**",
+ "/api/info/**", "/api/v1/apps", "/api/v1/instance",
+ "/api/v2/instance",
"/api/nodeinfo/2.0", "/oauth/**")
.permitAll()
.anyRequest().hasAnyAuthority("SCOPE_write", "ROLE_USER"))
@@ -204,36 +216,39 @@ public class SecurityConfig {
.httpBasic(httpBasic -> httpBasic
.authenticationEntryPoint(apiAuthenticationEntryPoint()))
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
- .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
+ .oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults()))
.sessionManagement(sessionManagement -> sessionManagement
.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.exceptionHandling(exceptionHandling -> exceptionHandling
.authenticationEntryPoint(apiAuthenticationEntryPoint()))
- .csrf().disable()
- .headers().defaultsDisabled().cacheControl();
+ .csrf(AbstractHttpConfigurer::disable)
+ .headers(headers -> headers.defaultsDisabled().cacheControl(withDefaults()));
return http.build();
}
+
@Bean
- SecurityFilterChain h2ConsoFilterChain(HttpSecurity http) throws Exception {
+ SecurityFilterChain h2ConsoleFilterChain(HttpSecurity http) throws Exception {
http.securityMatcher("/h2-console/**")
.authorizeHttpRequests(auth -> auth
.anyRequest().permitAll())
.anonymous(anonymous -> anonymous.principal(JuickUser.ANONYMOUS_USER)
.authorities(JuickUser.ANONYMOUS_AUTHORITY))
- .csrf().disable()
+ .csrf(AbstractHttpConfigurer::disable)
.sessionManagement(sessionManagement -> sessionManagement
.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.exceptionHandling(exceptionHandling -> exceptionHandling
.authenticationEntryPoint(apiAuthenticationEntryPoint()))
- .headers().defaultsDisabled().cacheControl();
+ .headers(headers -> headers.defaultsDisabled().cacheControl(withDefaults()));
return http.build();
}
+
@Bean
AuthenticationSuccessHandler successHandler() {
var handler = new SavedRequestAwareAuthenticationSuccessHandler();
handler.setUseReferer(true);
return handler;
}
+
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE + 2)
SecurityFilterChain wwwChain(HttpSecurity http) throws Exception {
@@ -263,9 +278,10 @@ public class SecurityConfig {
.rememberMe(rememberMe -> rememberMe
.rememberMeCookieDomain(webDomain).key(rememberMeKey)
.rememberMeServices(hashCookieServices()))
- .headers().defaultsDisabled().cacheControl();
+ .headers(headers -> headers.defaultsDisabled().cacheControl(withDefaults()));
return http.build();
}
+
@Bean
public SecurityFilterChain securityWebFilterChain(
HttpSecurity http) throws Exception {