aboutsummaryrefslogtreecommitdiff
path: root/juick-www
diff options
context:
space:
mode:
Diffstat (limited to 'juick-www')
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java41
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/Login.java40
2 files changed, 38 insertions, 43 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 2b8dc292..3c674d0c 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -1,17 +1,20 @@
package com.juick.www.configuration;
+import com.juick.server.security.HashParamAuthenticationFilter;
import com.juick.server.security.entities.JuickUser;
import com.juick.service.UserService;
import com.juick.service.security.JuickUserDetailsService;
-import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
+import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import javax.annotation.Resource;
@@ -33,8 +36,15 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
return new JuickUserDetailsService(userService);
}
+ @Bean("authenticationManager")
+ @Override
+ public AuthenticationManager authenticationManagerBean() throws Exception {
+ return super.authenticationManagerBean();
+ }
+
@Override
protected void configure(HttpSecurity http) throws Exception {
+ http.addFilterAfter(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class);
http
.authorizeRequests()
.antMatchers("/settings", "/pm/**").authenticated()
@@ -44,7 +54,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.and()
.sessionManagement().invalidSessionUrl("/")
.and()
- .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
+ .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/login?logout")
.and()
.formLogin()
.loginPage("/login")
@@ -53,30 +63,37 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.loginProcessingUrl("/login")
.usernameParameter("username")
.passwordParameter("password")
- .failureUrl("/login-error")
+ .failureUrl("/login?error=1")
.and()
.rememberMe()
.tokenValiditySeconds(6 * 30 * 24 * 3600)
.alwaysRemember(true)
//.useSecureCookie(true) // TODO Enable if https is supports
- .rememberMeCookieDomain(webDomain)
+ .rememberMeCookieDomain(webDomain).key(rememberMeKey)
.userDetailsService(userDetailsServiceBean())
- .rememberMeServices(rememberMeServices())
- .key(rememberMeKey)
- .and().authenticationProvider(authenticationProvider())
+ .and()
+ .csrf().disable()
+ .authenticationProvider(authenticationProvider())
.headers().defaultsDisabled().cacheControl();
}
+
@Bean
- public DaoAuthenticationProvider authenticationProvider() {
+ public DaoAuthenticationProvider authenticationProvider() throws Exception {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
- authenticationProvider.setUserDetailsService(userDetailsService());
+ authenticationProvider.setUserDetailsService(userDetailsServiceBean());
return authenticationProvider;
}
@Bean
- public RememberMeServices rememberMeServices() throws Exception {
- return new RequestParamHashRememberMeServices(rememberMeKey, userService);
+ public HashParamAuthenticationFilter hashParamAuthenticationFilter() {
+ return new HashParamAuthenticationFilter(userService);
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ web.debug(false);
+ web.ignoring().antMatchers("/style.css*", "/scripts.js*");
}
}
diff --git a/juick-www/src/main/java/com/juick/www/controllers/Login.java b/juick-www/src/main/java/com/juick/www/controllers/Login.java
index a83cbc16..8f9a993a 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/Login.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/Login.java
@@ -19,47 +19,25 @@ package com.juick.www.controllers;
import com.juick.service.UserService;
import com.juick.util.UserUtils;
-import com.juick.www.Utils;
-import com.juick.www.WebApp;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import javax.inject.Inject;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
+import org.springframework.web.bind.annotation.GetMapping;
/**
- *
* @author Ugnich Anton
*/
@Controller
public class Login {
- @Inject
- UserService userService;
- @Inject
- WebApp webApp;
+ @Autowired
+ private UserService userService;
- @RequestMapping(value = "/login", method = RequestMethod.GET)
- protected String doGetLoginForm(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ @GetMapping("/login")
+ public String getloginForm() {
com.juick.User visitor = UserUtils.getCurrentUser();
- if (!visitor.isAnonymous()) {
+
+ if (!visitor.isAnonymous())
return "redirect:/";
- }
+
return "views/login";
}
- @RequestMapping(value="/logout", method = RequestMethod.GET)
- public String logoutPage (HttpServletRequest request, HttpServletResponse response) {
- Authentication auth = SecurityContextHolder.getContext().getAuthentication();
- if (auth != null){
- new SecurityContextLogoutHandler().logout(request, response, auth);
- }
- return "redirect:/login?logout";
- }
}