aboutsummaryrefslogtreecommitdiff
path: root/juick-api/src/main/java/com/juick/server
diff options
context:
space:
mode:
Diffstat (limited to 'juick-api/src/main/java/com/juick/server')
-rw-r--r--juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java12
1 files changed, 7 insertions, 5 deletions
diff --git a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
index 3809090e..8ea79498 100644
--- a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
@@ -19,18 +19,20 @@ package com.juick.server.configuration;
import com.juick.service.UserService;
import com.juick.service.security.JuickUserDetailsService;
-import com.juick.service.security.NotAuthorizedAuthenticationEntryPoint;
import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
@@ -63,12 +65,12 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("/", "/messages", "/users", "/thread", "/tags", "/tlgmbtwbhk", "/fbwbhk",
"/skypebotendpoint").permitAll()
.anyRequest().hasRole("USER")
- .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+ .and().httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint())
.and().anonymous()
.and().cors().configurationSource(corsConfigurationSource())
.and().servletApi()
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
- .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+ .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint())
.and()
.rememberMe()
.alwaysRemember(true)
@@ -99,8 +101,8 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
}
@Bean
- public NotAuthorizedAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
- return new NotAuthorizedAuthenticationEntryPoint();
+ public AuthenticationEntryPoint juickAuthenticationEntryPoint() {
+ return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
}
@Bean