diff options
Diffstat (limited to 'juick-server/src/main/java/com/juick/server/configuration')
-rw-r--r-- | juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java index 8203e3f79..8b42a7a3f 100644 --- a/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java +++ b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java @@ -81,18 +81,18 @@ public class SecurityConfig { super(true); } @Bean - RememberMeServices rememberMeServices(){ + RememberMeServices apiTokenServices(){ return new RequestParamHashRememberMeServices(rememberMeKey, userService); } @Bean - public HashParamAuthenticationFilter hashParamAuthenticationFilter() { - return new HashParamAuthenticationFilter(userService, rememberMeServices()); + public HashParamAuthenticationFilter apiAuthenticationFilter() { + return new HashParamAuthenticationFilter(userService, apiTokenServices()); } @Override protected void configure(HttpSecurity http) throws Exception { http.antMatcher("/api/**") - .addFilterBefore(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class) + .addFilterBefore(apiAuthenticationFilter(), BasicAuthenticationFilter.class) .authorizeRequests() .antMatchers(HttpMethod.OPTIONS).permitAll() .antMatchers("/api/", "/api/messages", "/api/messages/discussions", "/api/users", "/api/thread", "/api/tags", "/api/tlgmbtwbhk", "/api/fbwbhk", @@ -109,7 +109,7 @@ public class SecurityConfig { .rememberMe() .alwaysRemember(true) .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30)) - .rememberMeServices(rememberMeServices()) + .rememberMeServices(apiTokenServices()) .key(rememberMeKey) .and() .headers().defaultsDisabled().cacheControl(); @@ -152,11 +152,11 @@ public class SecurityConfig { @Inject private UserDetailsService userDetailsService; @Bean - public HashParamAuthenticationFilter hashParamAuthenticationFilter() { - return new HashParamAuthenticationFilter(userService, rememberMeServices()); + public HashParamAuthenticationFilter wwwAuthenticationFilter() { + return new HashParamAuthenticationFilter(userService, hashCookieServices()); } @Bean - public RememberMeServices rememberMeServices() { + public RememberMeServices hashCookieServices() { TokenBasedRememberMeServices services = new TokenBasedRememberMeServices( rememberMeKey, userDetailsService); @@ -171,7 +171,7 @@ public class SecurityConfig { @Override protected void configure(HttpSecurity http) throws Exception { http - .addFilterBefore(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class) + .addFilterBefore(wwwAuthenticationFilter(), BasicAuthenticationFilter.class) .authorizeRequests() .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/post2", "/comment") .authenticated() @@ -198,7 +198,7 @@ public class SecurityConfig { .and() .rememberMe() .rememberMeCookieDomain(webDomain).key(rememberMeKey) - .rememberMeServices(rememberMeServices()) + .rememberMeServices(hashCookieServices()) .and() .csrf().disable() .headers().defaultsDisabled().cacheControl(); |