Diffstat (limited to 'src/main/java/com/juick/config/SecurityConfig.java')
-rw-r--r--src/main/java/com/juick/config/SecurityConfig.java36
1 files changed, 26 insertions, 10 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index f93e12a8..b16dc755 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -34,7 +34,9 @@ import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@@ -126,30 +128,45 @@ public class SecurityConfig {
BasicAuthenticationFilter.class)
.authorizeHttpRequests(requests -> requests
.requestMatchers(HttpMethod.OPTIONS).permitAll()
- .requestMatchers("/api/", "/api/messages", "/api/avatar", "/api/messages/discussions",
- "/api/users", "/api/thread", "/api/tags", "/api/tlgmbtwbhk", "/api/fbwbhk",
- "/api/skypebotendpoint", "/api/_fblogin", "/api/_vklogin", "/api/_tglogin",
- "/api/_google", "/api/_applelogin", "/api/signup", "/api/inbox", "/api/events",
+ .requestMatchers("/api/", "/api/messages", "/api/avatar",
+ "/api/messages/discussions",
+ "/api/users", "/api/thread", "/api/tags",
+ "/api/tlgmbtwbhk", "/api/fbwbhk",
+ "/api/skypebotendpoint", "/api/_fblogin",
+ "/api/_vklogin", "/api/_tglogin",
+ "/api/_google", "/api/_applelogin", "/api/signup",
+ "/api/inbox", "/api/events",
"/api/info/**",
"/api/nodeinfo/2.0")
.permitAll()
.anyRequest().hasRole("USER"))
.anonymous(anonymous -> anonymous.principal(JuickUser.ANONYMOUS_USER)
.authorities(JuickUser.ANONYMOUS_AUTHORITY))
- .httpBasic(httpBasic -> httpBasic.authenticationEntryPoint(juickAuthenticationEntryPoint()))
+ .httpBasic(httpBasic -> httpBasic
+ .authenticationEntryPoint(juickAuthenticationEntryPoint()))
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
- .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
- .exceptionHandling(exceptionHandling -> exceptionHandling.authenticationEntryPoint(juickAuthenticationEntryPoint()))
+ .sessionManagement(sessionManagement -> sessionManagement
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .exceptionHandling(exceptionHandling -> exceptionHandling
+ .authenticationEntryPoint(juickAuthenticationEntryPoint()))
.csrf().disable()
.headers().defaultsDisabled().cacheControl();
return http.build();
}
@Bean
+ public AuthenticationSuccessHandler successHandler() {
+ SimpleUrlAuthenticationSuccessHandler handler = new SimpleUrlAuthenticationSuccessHandler();
+ handler.setUseReferer(true);
+ return handler;
+ }
+
+ @Bean
public SecurityFilterChain wwwChain(HttpSecurity http) throws Exception {
http.addFilterBefore(wwwAuthenticationFilter(), BasicAuthenticationFilter.class)
.authorizeHttpRequests(authorize -> authorize
- .requestMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/post2",
+ .requestMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post",
+ "/post2",
"/comment")
.authenticated()
.requestMatchers("/actuator/**").hasRole("ADMIN")
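Review bot: `handler.setUseReferer(true)` in the new `successHandler()` bean makes the post-login redirect target the raw `Referer` request header, and `SimpleUrlAuthenticationSuccessHandler` forwards that value without checking that it points back at this host, so the destination is client-supplied. In the current configuration the CSRF token on the www chain keeps the `/login` POST same-origin, which is why this is not an open redirect today, but that is an indirect defence that silently stops holding if `/login` is ever added to the `csrf(...)` exemptions or a proxy rewrites the header. I would override `determineTargetUrl` to honour only a same-host Referer and fall back to `getDefaultTargetUrl()` otherwise, and say so in a comment on the bean (this needs `java.net.URI` and the servlet request/response types imported). The filter-chain method that ends at `return http.build()` starts before this hunk, and `wwwChain` continues past it.
```java
@Bean
public AuthenticationSuccessHandler successHandler() {
    // Send the user back to the page the login form was posted from, but only
    // when that page is on this host: the Referer header is client-supplied and
    // must not become an open redirect.
    return new SimpleUrlAuthenticationSuccessHandler() {
        @Override
        protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
            String referer = request.getHeader("Referer");
            if (referer != null && !referer.isBlank()) {
                try {
                    if (request.getServerName().equalsIgnoreCase(URI.create(referer).getHost())) {
                        return referer;
                    }
                } catch (IllegalArgumentException ignored) {
                    // malformed Referer: treat it as absent
                }
            }
            return getDefaultTargetUrl();
        }
    };
}
```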
@@ -168,10 +185,9 @@ public class SecurityConfig {
.logoutSuccessUrl("/")
.deleteCookies("hash", COOKIE_NAME))
.formLogin(form -> form.loginPage("/login")
- .defaultSuccessUrl("/")
- .loginProcessingUrl("/login")
.usernameParameter("username")
.passwordParameter("password")
+ .successHandler(successHandler())
.failureUrl("/login?error=1")
.permitAll())
.csrf(csrf -> csrf.ignoringRequestMatchers("/settings/unsubscribe", "/h2-console/**"))
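Review bot: With `.successHandler(successHandler())` replacing `defaultSuccessUrl("/")`, the page a user lands on after logging in is now whatever `Referer` the browser sends with the POST to `/login`; if the form is submitted from the dedicated `/login` page, that Referer is `/login` (or `/login?error=1` after a previous failed attempt), so a successful login would appear to bounce the user back to the login page, possibly still showing the error banner. This is worth confirming against where the form is actually rendered, and if the form does live on `/login`, the handler should treat a Referer equal to the login page like a missing one and fall back to `/`. Dropping `loginProcessingUrl("/login")` looks harmless since the processing URL appears to default to the configured login page path, but a short comment such as `// processing URL defaults to the /login page path` would keep that intent visible to the next reader. The `formLogin(...)` call and the enclosing `wwwChain` method continue past the end of this hunk.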