-rw-r--r--juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java12
-rw-r--r--juick-common/src/main/java/com/juick/service/security/NotAuthorizedAuthenticationEntryPoint.java36
2 files changed, 7 insertions, 41 deletions
diff --git a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
index 3809090e..8ea79498 100644
--- a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
@@ -19,18 +19,20 @@ package com.juick.server.configuration;
import com.juick.service.UserService;
import com.juick.service.security.JuickUserDetailsService;
-import com.juick.service.security.NotAuthorizedAuthenticationEntryPoint;
import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
@@ -63,12 +65,12 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("/", "/messages", "/users", "/thread", "/tags", "/tlgmbtwbhk", "/fbwbhk",
"/skypebotendpoint").permitAll()
.anyRequest().hasRole("USER")
- .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+ .and().httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint())
.and().anonymous()
.and().cors().configurationSource(corsConfigurationSource())
.and().servletApi()
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
- .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+ .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint())
.and()
.rememberMe()
.alwaysRemember(true)
@@ -99,8 +101,8 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
}
@Bean
- public NotAuthorizedAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
- return new NotAuthorizedAuthenticationEntryPoint();
+ public AuthenticationEntryPoint juickAuthenticationEntryPoint() {
+ return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
}
@Bean
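Review bot: The new `juickAuthenticationEntryPoint()` bean has no comment recording that the 401 it produces carries no `WWW-Authenticate` challenge. `HttpStatusEntryPoint` only sets the status code, as the removed class did, and the preceding hunk wires this bean into both `httpBasic()` and `exceptionHandling()`, so HTTP Basic clients never receive a challenge header. If that is deliberate (presumably to stop browsers showing their native login prompt on API calls), a Javadoc line such as `/** Replies with a bare 401 and no WWW-Authenticate header; shared by httpBasic() and exceptionHandling(). */` would keep a later maintainer from "fixing" it. The method rename also changes the default bean name, so any by-name lookup or `@Qualifier` elsewhere in the project is worth a quick check. The enclosing class starts and ends outside the hunk.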
diff --git a/juick-common/src/main/java/com/juick/service/security/NotAuthorizedAuthenticationEntryPoint.java b/juick-common/src/main/java/com/juick/service/security/NotAuthorizedAuthenticationEntryPoint.java
deleted file mode 100644
index b9bdcaa9..00000000
--- a/juick-common/src/main/java/com/juick/service/security/NotAuthorizedAuthenticationEntryPoint.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (C) 2008-2017, Juick
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-package com.juick.service.security;
-
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.AuthenticationEntryPoint;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * Created by vitalyster on 25.11.2016.
- */
-public class NotAuthorizedAuthenticationEntryPoint implements AuthenticationEntryPoint {
- @Override
- public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) {
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- }
-}