diff options
| author |  Vitaly Takmazov | 2023-01-06 09:42:13 +0300 |
|---|---|---|
| committer | Vitaly Takmazov | 2023-01-06 09:42:13 +0300 |
| commit | a5686d4be2a0e82deeaedcd4194a732759832578 (patch) | |
| tree | fbbeb810abf8c06f2d3e9323dd7fb89cbcea1540 /src/main/java/com/juick/config | |
| parent | 67235435df5f7c8153696c4d9200d82da5d4325f (diff) | |
Mastodon API: timelines and minor fixes
Diffstat (limited to 'src/main/java/com/juick/config')
| -rw-r--r-- | src/main/java/com/juick/config/SecurityConfig.java | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java index 7fada80b..47033c11 100644 --- a/src/main/java/com/juick/config/SecurityConfig.java +++ b/src/main/java/com/juick/config/SecurityConfig.java @@ -52,7 +52,10 @@ import org.springframework.security.oauth2.server.authorization.config.annotatio import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.authentication.*; +import org.springframework.security.web.authentication.AuthenticationSuccessHandler; +import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; +import org.springframework.security.web.authentication.RememberMeServices; +import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices; import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; @@ -81,6 +84,8 @@ public class SecurityConfig { @Inject private JdbcTemplate jdbcTemplate; private static final String COOKIE_NAME = "juick-remember-me"; + @Value("${ap_base_uri:http://localhost:8080/}") + private String baseUri; @Bean UserDetailsService userDetailsService() { return new JuickUserDetailsService(userService); @@ -148,6 +153,8 @@ public class SecurityConfig { public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http); + var loginUrlAuthenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login"); + loginUrlAuthenticationEntryPoint.setForceHttps(true); http.getConfigurer(OAuth2AuthorizationServerConfigurer.class) .authorizationServerSettings(AuthorizationServerSettings.builder() .authorizationEndpoint("/oauth/authorize") @@ -158,7 +165,7 @@ public class SecurityConfig { // Redirect to the login page when not authenticated from the // authorization endpoint .exceptionHandling((exceptions) -> exceptions - .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")) + .authenticationEntryPoint(loginUrlAuthenticationEntryPoint) ) // Accept access tokens for User Info and/or Client Registration .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt); @@ -169,7 +176,6 @@ public class SecurityConfig { public RegisteredClientRepository registeredClientRepository() { return new JdbcRegisteredClientRepository(jdbcTemplate); } - @Bean public JWKSource<SecurityContext> jwkSource() { RSAPublicKey publicKey = (RSAPublicKey) keystoreManager.getPublicKey(); @@ -186,11 +192,6 @@ public class SecurityConfig { return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource); } @Bean - public AuthorizationServerSettings authorizationServerSettings() { - return AuthorizationServerSettings.builder().build(); - } - - @Bean @Order(Ordered.HIGHEST_PRECEDENCE + 1) SecurityFilterChain apiChain(HttpSecurity http) throws Exception { http.securityMatcher("/api/**", "/u/**", "/n/**") |