Diffstat (limited to 'juick-api/src/main/java/com/juick')
-rw-r--r--juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java35
1 files changed, 8 insertions, 27 deletions
diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index 8d074f7c..d7904199 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -2,22 +2,16 @@ package com.juick.api.configuration;
import com.juick.server.security.JuickAuthenticationEntryPoint;
import com.juick.server.security.JuickAuthenticationProvider;
-import com.juick.server.security.entities.JuickUser;
import com.juick.service.UserService;
-import org.apache.commons.lang3.StringUtils;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpMethod;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
import javax.inject.Inject;
@@ -40,32 +34,19 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
- .antMatchers("/home").hasRole("USER")
.antMatchers(HttpMethod.OPTIONS).permitAll()
- .and().httpBasic().authenticationEntryPoint(getBasicAuthEntryPoint())
+ .anyRequest().hasRole("USER")
+ .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+ .and().anonymous()
+ .and().servletApi()
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
- .and().exceptionHandling().authenticationEntryPoint(getBasicAuthEntryPoint())
- .and().authenticationProvider(new JuickAuthenticationProvider());
+ .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+ .and().authenticationProvider(new JuickAuthenticationProvider(userService))
+ .headers().cacheControl();
}
@Bean
- public JuickAuthenticationEntryPoint getBasicAuthEntryPoint() {
+ public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
return new JuickAuthenticationEntryPoint();
}
-
- @Bean("userDetailsService")
- @Override
- public UserDetailsService userDetailsServiceBean() throws Exception {
- return username -> {
- if (StringUtils.isBlank(username))
- throw new UsernameNotFoundException("Invalid user name " + username);
-
- com.juick.User user = userService.getUserByName(username);
-
- if (user != null)
- return new JuickUser(user);
-
- throw new UsernameNotFoundException("The username " + username + " is not found");
- };
- }
}
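Review bot: `configure` never states a CSRF decision, so the chain keeps the `WebSecurityConfigurerAdapter` default (CSRF enabled, assuming the adapter is constructed with its defaults) while it is `SessionCreationPolicy.STATELESS` and authenticated with HTTP Basic. With that default, a state-changing request that carries valid Basic credentials but no CSRF token is answered with 403. If the API only serves non-browser clients, that should be an explicit, commented choice in this method. If browsers are in scope, the token needs a repository that does not depend on the HTTP session. Separately, `.and().anonymous()` and `.and().servletApi()` are already applied by the adapter's defaults, and beside `.anyRequest().hasRole("USER")` the `anonymous()` call can be misread as granting unauthenticated access; a comment such as `// deny by default: every non-OPTIONS request requires ROLE_USER` above `.anyRequest()` would record the intent.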