aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java20
1 files changed, 10 insertions, 10 deletions
diff --git a/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java
index 8203e3f7..8b42a7a3 100644
--- a/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java
+++ b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java
@@ -81,18 +81,18 @@ public class SecurityConfig {
super(true);
}
@Bean
- RememberMeServices rememberMeServices(){
+ RememberMeServices apiTokenServices(){
return new RequestParamHashRememberMeServices(rememberMeKey, userService);
}
@Bean
- public HashParamAuthenticationFilter hashParamAuthenticationFilter() {
- return new HashParamAuthenticationFilter(userService, rememberMeServices());
+ public HashParamAuthenticationFilter apiAuthenticationFilter() {
+ return new HashParamAuthenticationFilter(userService, apiTokenServices());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/**")
- .addFilterBefore(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class)
+ .addFilterBefore(apiAuthenticationFilter(), BasicAuthenticationFilter.class)
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.antMatchers("/api/", "/api/messages", "/api/messages/discussions", "/api/users", "/api/thread", "/api/tags", "/api/tlgmbtwbhk", "/api/fbwbhk",
@@ -109,7 +109,7 @@ public class SecurityConfig {
.rememberMe()
.alwaysRemember(true)
.tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30))
- .rememberMeServices(rememberMeServices())
+ .rememberMeServices(apiTokenServices())
.key(rememberMeKey)
.and()
.headers().defaultsDisabled().cacheControl();
@@ -152,11 +152,11 @@ public class SecurityConfig {
@Inject
private UserDetailsService userDetailsService;
@Bean
- public HashParamAuthenticationFilter hashParamAuthenticationFilter() {
- return new HashParamAuthenticationFilter(userService, rememberMeServices());
+ public HashParamAuthenticationFilter wwwAuthenticationFilter() {
+ return new HashParamAuthenticationFilter(userService, hashCookieServices());
}
@Bean
- public RememberMeServices rememberMeServices() {
+ public RememberMeServices hashCookieServices() {
TokenBasedRememberMeServices services = new TokenBasedRememberMeServices(
rememberMeKey, userDetailsService);
@@ -171,7 +171,7 @@ public class SecurityConfig {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
- .addFilterBefore(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class)
+ .addFilterBefore(wwwAuthenticationFilter(), BasicAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/post2", "/comment")
.authenticated()
@@ -198,7 +198,7 @@ public class SecurityConfig {
.and()
.rememberMe()
.rememberMeCookieDomain(webDomain).key(rememberMeKey)
- .rememberMeServices(rememberMeServices())
+ .rememberMeServices(hashCookieServices())
.and()
.csrf().disable()
.headers().defaultsDisabled().cacheControl();