aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/com/juick/service/security
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2019-04-29 14:06:24 +0300
committerGravatar Vitaly Takmazov2019-04-29 14:06:24 +0300
commitc3a9365645ec94d5b7c9778ab32c93e5eb4be5f6 (patch)
treed853fc7df61fdc18a20a52c93291853796e9a60f /src/main/java/com/juick/service/security
parent409ef92da23f4b650340197e7383ba8b528999e4 (diff)
UserUtils -> @Visitor
Diffstat (limited to 'src/main/java/com/juick/service/security')
-rw-r--r--src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java7
-rw-r--r--src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java2
-rw-r--r--src/main/java/com/juick/service/security/annotation/Visitor.java12
3 files changed, 16 insertions, 5 deletions
diff --git a/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java
index 44d97207..158841b4 100644
--- a/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java
+++ b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java
@@ -3,12 +3,11 @@ package com.juick.service.security;
import com.juick.User;
import com.juick.server.SignatureManager;
import com.juick.service.UserService;
-import org.apache.commons.io.IOUtils;
+import com.juick.service.security.entities.JuickUser;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
@@ -18,7 +17,6 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
-import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Map;
import java.util.stream.Collectors;
@@ -51,7 +49,8 @@ public class HTTPSignatureAuthenticationFilter extends OncePerRequestFilter {
Authentication authentication = new UsernamePasswordAuthenticationToken(userWithPassword.getName(), userWithPassword.getCredentials());
SecurityContextHolder.getContext().setAuthentication(authentication);
} else {
- Authentication authentication = new AnonymousAuthenticationToken(userUri, user, Collections.singletonList(new SimpleGrantedAuthority("ROLE_ANONYMOUS")));
+ Authentication authentication = new AnonymousAuthenticationToken(userUri,
+ new JuickUser(user), JuickUser.ANONYMOUS_AUTHORITY);
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
diff --git a/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java b/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java
index 2fd5a2a7..0a80a28c 100644
--- a/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java
+++ b/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java
@@ -18,8 +18,8 @@
package com.juick.service.security;
import com.juick.User;
-import com.juick.service.security.entities.JuickUser;
import com.juick.service.UserService;
+import com.juick.service.security.entities.JuickUser;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.core.Authentication;
diff --git a/src/main/java/com/juick/service/security/annotation/Visitor.java b/src/main/java/com/juick/service/security/annotation/Visitor.java
new file mode 100644
index 00000000..14d7cc87
--- /dev/null
+++ b/src/main/java/com/juick/service/security/annotation/Visitor.java
@@ -0,0 +1,12 @@
+package com.juick.service.security.annotation;
+
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+
+import java.lang.annotation.*;
+
+@Target({ ElementType.PARAMETER, ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+@AuthenticationPrincipal(errorOnInvalidType = true, expression = "user")
+public @interface Visitor {
+}