Diffstat (limited to 'src/main/java/com/juick/config/SecurityConfig.java')
-rw-r--r-- | src/main/java/com/juick/config/SecurityConfig.java | 36 |
1 files changed, 26 insertions, 10 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index f93e12a8..b16dc755 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -34,7 +34,9 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
 import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@@ -126,30 +128,45 @@ public class SecurityConfig {
 BasicAuthenticationFilter.class)
 .authorizeHttpRequests(requests -> requests
 .requestMatchers(HttpMethod.OPTIONS).permitAll()
- .requestMatchers("/api/", "/api/messages", "/api/avatar", "/api/messages/discussions",
- "/api/users", "/api/thread", "/api/tags", "/api/tlgmbtwbhk", "/api/fbwbhk",
- "/api/skypebotendpoint", "/api/_fblogin", "/api/_vklogin", "/api/_tglogin",
- "/api/_google", "/api/_applelogin", "/api/signup", "/api/inbox", "/api/events",
+ .requestMatchers("/api/", "/api/messages", "/api/avatar",
+ "/api/messages/discussions",
+ "/api/users", "/api/thread", "/api/tags",
+ "/api/tlgmbtwbhk", "/api/fbwbhk",
+ "/api/skypebotendpoint", "/api/_fblogin",
+ "/api/_vklogin", "/api/_tglogin",
+ "/api/_google", "/api/_applelogin", "/api/signup",
+ "/api/inbox", "/api/events",
 "/api/info/**", "/api/nodeinfo/2.0")
 .permitAll()
 .anyRequest().hasRole("USER"))
 .anonymous(anonymous -> anonymous.principal(JuickUser.ANONYMOUS_USER)
 .authorities(JuickUser.ANONYMOUS_AUTHORITY))
- .httpBasic(httpBasic -> httpBasic.authenticationEntryPoint(juickAuthenticationEntryPoint()))
+ .httpBasic(httpBasic -> httpBasic
+ .authenticationEntryPoint(juickAuthenticationEntryPoint()))
 .cors(cors -> cors.configurationSource(corsConfigurationSource()))
- .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
- .exceptionHandling(exceptionHandling -> exceptionHandling.authenticationEntryPoint(juickAuthenticationEntryPoint()))
+ .sessionManagement(sessionManagement -> sessionManagement
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .exceptionHandling(exceptionHandling -> exceptionHandling
+ .authenticationEntryPoint(juickAuthenticationEntryPoint()))
 .csrf().disable()
 .headers().defaultsDisabled().cacheControl();
 return http.build();
 }
 @Bean
+ public AuthenticationSuccessHandler successHandler() {
+ SimpleUrlAuthenticationSuccessHandler handler = new 
SimpleUrlAuthenticationSuccessHandler();
+ handler.setUseReferer(true);
+ return handler;
+ }
+
+ @Bean
 public SecurityFilterChain wwwChain(HttpSecurity http) throws Exception {
 http.addFilterBefore(wwwAuthenticationFilter(), BasicAuthenticationFilter.class)
 .authorizeHttpRequests(authorize -> authorize
- .requestMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/post2",
+ .requestMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post",
+ "/post2",
 "/comment")
 .authenticated()
 .requestMatchers("/actuator/**").hasRole("ADMIN")
@@ -168,10 +185,9 @@ public class SecurityConfig {
 .logoutSuccessUrl("/")
 .deleteCookies("hash", COOKIE_NAME))
 .formLogin(form -> form.loginPage("/login")
- .defaultSuccessUrl("/")
- .loginProcessingUrl("/login")
 .usernameParameter("username")
 .passwordParameter("password")
+ .successHandler(successHandler())
 .failureUrl("/login?error=1")
 .permitAll())
 .csrf(csrf -> csrf.ignoringRequestMatchers("/settings/unsubscribe", "/h2-console/**")) |
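Review bot: successHandler() makes the post-login redirect target client-supplied and the hunk adds no check on it: SimpleUrlAuthenticationSuccessHandler with setUseReferer(true) uses the Referer header value verbatim as the redirect URL, so a login request whose Referer names another host is answered with a redirect to that host (the CSRF token wwwChain requires on the /login POST narrows this but is not a substitute for validating the target). The cheap mitigation is to follow the Referer only when its host matches the request and otherwise fall back to getDefaultTargetUrl(), as sketched below; the servlet request/response types and UriComponentsBuilder would need importing, and behind a reverse proxy request.getServerName() reflects the original host only if forwarded-header handling is configured, which I cannot see from this hunk. A short Javadoc on the bean, e.g. `/** Post-login redirect target: the same-host Referer when present, otherwise "/". */`, would record the intent. Note also that when the form is submitted from /login itself the Referer is the login page, so a user who signs in there is sent back to /login rather than "/"; whether that matters depends on where the form is rendered, which is outside the hunk.
```java
@Bean
public AuthenticationSuccessHandler successHandler() {
    SimpleUrlAuthenticationSuccessHandler handler = new SimpleUrlAuthenticationSuccessHandler() {
        @Override
        protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
            String target = super.determineTargetUrl(request, response);
            // The Referer is client-supplied: follow it only when it points back at this host,
            // and treat an unparseable value as "no Referer" rather than redirecting to it.
            try {
                String host = UriComponentsBuilder.fromUriString(target).build().getHost();
                if (host != null && !host.equalsIgnoreCase(request.getServerName())) {
                    return getDefaultTargetUrl();
                }
            } catch (IllegalArgumentException malformed) {
                return getDefaultTargetUrl();
            }
            return target;
        }
    };
    handler.setUseReferer(true);
    return handler;
}
```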
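Review bot: Replacing `.defaultSuccessUrl("/")` with `.successHandler(successHandler())` also drops the saved-request redirect that defaultSuccessUrl installs through SavedRequestAwareAuthenticationSuccessHandler; SimpleUrlAuthenticationSuccessHandler never consults the request cache, so a visitor sent to /login by an authenticated-only URL such as /settings will, after signing in, land on the Referer or "/" instead of the page they asked for, assuming wwwChain keeps Spring Security's default request cache, which this hunk does not show. If the saved request should still win, build the bean on SavedRequestAwareAuthenticationSuccessHandler instead: it extends SimpleUrlAuthenticationSuccessHandler, so `setUseReferer(true)` still applies whenever no saved request exists, a one-line change in successHandler(). If the new behaviour is deliberate, a comment on the formLogin block, `// post-login redirect: Referer when present, else "/" (saved requests are not replayed, see successHandler())`, would keep the next reader from re-adding defaultSuccessUrl. Dropping `.loginProcessingUrl("/login")` is harmless, since "/login" is the configurer's default. wwwChain begins before this hunk.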