aboutsummaryrefslogtreecommitdiff
path: root/juick-api/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'juick-api/src/main')
-rw-r--r--juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java42
-rw-r--r--juick-api/src/main/java/com/juick/api/configuration/JuickHashFilter.java44
2 files changed, 32 insertions, 54 deletions
diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index b3d2d21e..8da51f5a 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -1,24 +1,27 @@
package com.juick.api.configuration;
import com.juick.server.security.JuickAuthenticationEntryPoint;
-import com.juick.server.security.JuickAuthenticationProvider;
import com.juick.service.UserService;
+import com.juick.service.security.JuickUserDetailsService;
+import com.juick.service.security.SimpleRememberMeServices;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import javax.inject.Inject;
import java.util.Arrays;
+import java.util.concurrent.TimeUnit;
/**
* Created by aalexeev on 11/21/16.
@@ -38,8 +41,7 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
- http.addFilterBefore(getJuickHashFilter(), UsernamePasswordAuthenticationFilter.class)
- .authorizeRequests()
+ http.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.anyRequest().hasRole("USER")
.and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
@@ -48,22 +50,42 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
.and().servletApi()
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
- .and().authenticationProvider(new JuickAuthenticationProvider(userService))
+ .and()
+ .rememberMe()
+ .alwaysRemember(true)
+ .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30))
+ .rememberMeServices(rememberMeServices())
+ .key(env.getProperty("auth_remember_me_key"))
+ .and().authenticationProvider(authenticationProvider())
.headers().defaultsDisabled().cacheControl();
}
@Bean
- public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
- return new JuickAuthenticationEntryPoint();
+ public DaoAuthenticationProvider authenticationProvider() {
+ DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
+
+ authenticationProvider.setUserDetailsService(userDetailsService());
+
+ return authenticationProvider;
+ }
+
+ @Bean
+ public JuickUserDetailsService userDetailsService() {
+ return new JuickUserDetailsService(userService);
+ }
+
+ @Bean
+ public RememberMeServices rememberMeServices() throws Exception {
+ return new SimpleRememberMeServices(env.getProperty("auth_remember_me_key"), userDetailsService(), userService, env);
}
@Bean
- public JuickHashFilter getJuickHashFilter() {
- return new JuickHashFilter();
+ public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
+ return new JuickAuthenticationEntryPoint();
}
@Bean
- CorsConfigurationSource corsConfigurationSource() {
+ public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
diff --git a/juick-api/src/main/java/com/juick/api/configuration/JuickHashFilter.java b/juick-api/src/main/java/com/juick/api/configuration/JuickHashFilter.java
deleted file mode 100644
index 62e6f3d2..00000000
--- a/juick-api/src/main/java/com/juick/api/configuration/JuickHashFilter.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package com.juick.api.configuration;
-
-import com.juick.User;
-import com.juick.service.UserService;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.authentication.WebAuthenticationDetails;
-import org.springframework.web.filter.GenericFilterBean;
-
-import javax.inject.Inject;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import java.io.IOException;
-import java.util.Collections;
-import java.util.List;
-
-/**
- * Created by vitalyster on 27.11.2016.
- */
-public class JuickHashFilter extends GenericFilterBean {
- @Inject
- UserService userService;
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- String hash = request.getParameter("hash");
- if (hash != null) {
- User user = userService.getUserByHash(hash);
- if (user.getUid() > 0) {
- List<GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"));
- UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getName(), null);
- token.setDetails(new WebAuthenticationDetails((HttpServletRequest) request));
- SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(user.getName(), null, authorities));
- }
- }
- chain.doFilter(request, response);
- }
- }