diff options
-rw-r--r-- | juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java | 12 | ||||
-rw-r--r-- | juick-common/src/main/java/com/juick/service/security/NotAuthorizedAuthenticationEntryPoint.java | 36 |
2 files changed, 7 insertions, 41 deletions
diff --git a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java index 3809090e..8ea79498 100644 --- a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java +++ b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java @@ -19,18 +19,20 @@ package com.juick.server.configuration; import com.juick.service.UserService; import com.juick.service.security.JuickUserDetailsService; -import com.juick.service.security.NotAuthorizedAuthenticationEntryPoint; import com.juick.service.security.deprecated.RequestParamHashRememberMeServices; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.security.web.authentication.HttpStatusEntryPoint; import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfigurationSource; @@ -63,12 +65,12 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { .antMatchers("/", "/messages", "/users", "/thread", "/tags", "/tlgmbtwbhk", "/fbwbhk", "/skypebotendpoint").permitAll() .anyRequest().hasRole("USER") - .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) + .and().httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint()) .and().anonymous() .and().cors().configurationSource(corsConfigurationSource()) .and().servletApi() .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) + .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint()) .and() .rememberMe() .alwaysRemember(true) @@ -99,8 +101,8 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { } @Bean - public NotAuthorizedAuthenticationEntryPoint getJuickAuthenticationEntryPoint() { - return new NotAuthorizedAuthenticationEntryPoint(); + public AuthenticationEntryPoint juickAuthenticationEntryPoint() { + return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED); } @Bean diff --git a/juick-common/src/main/java/com/juick/service/security/NotAuthorizedAuthenticationEntryPoint.java b/juick-common/src/main/java/com/juick/service/security/NotAuthorizedAuthenticationEntryPoint.java deleted file mode 100644 index b9bdcaa9..00000000 --- a/juick-common/src/main/java/com/juick/service/security/NotAuthorizedAuthenticationEntryPoint.java +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (C) 2008-2017, Juick - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -package com.juick.service.security; - -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.web.AuthenticationEntryPoint; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; - -/** - * Created by vitalyster on 25.11.2016. - */ -public class NotAuthorizedAuthenticationEntryPoint implements AuthenticationEntryPoint { - @Override - public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) { - response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); - } -} |