path: root/src/main/java/com/juick/config/SecurityConfig.java
Diffstat (limited to 'src/main/java/com/juick/config/SecurityConfig.java')
-rw-r--r--src/main/java/com/juick/config/SecurityConfig.java17
1 files changed, 7 insertions, 10 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index d60abe00..d3f89eef 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -18,7 +18,7 @@
package com.juick.config;
import com.juick.KeystoreManager;
-import com.juick.SignatureManager;
+import com.juick.service.ActivityPubService;
import com.juick.service.UserService;
import com.juick.service.security.BearerTokenAuthenticationFilter;
import com.juick.service.security.HTTPSignatureAuthenticationFilter;
@@ -30,8 +30,6 @@ import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@@ -53,7 +51,6 @@ import org.springframework.security.oauth2.server.authorization.config.annotatio
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.*;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
@@ -65,7 +62,6 @@ import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import javax.inject.Inject;
-import java.io.IOException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
@@ -107,7 +103,7 @@ public class SecurityConfig {
}
@Inject
- private SignatureManager signatureManager;
+ private ActivityPubService activityPubService;
@Bean
HashParamAuthenticationFilter apiAuthenticationFilter() {
@@ -195,11 +191,11 @@ public class SecurityConfig {
}
@Bean
- @Order(2)
+ @Order(Ordered.HIGHEST_PRECEDENCE + 1)
SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
- http.securityMatcher("/api/**")
+ http.securityMatcher("/api/**", "/u/**", "/n/**")
.addFilterBefore(apiAuthenticationFilter(), BasicAuthenticationFilter.class)
- .addFilterBefore(new HTTPSignatureAuthenticationFilter(signatureManager, userService),
+ .addFilterBefore(new HTTPSignatureAuthenticationFilter(activityPubService, userService),
BasicAuthenticationFilter.class)
.authorizeHttpRequests(requests -> requests
.requestMatchers(HttpMethod.OPTIONS).permitAll()
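Review bot: Widening `securityMatcher` to `"/u/**"` and `"/n/**"` moves every request under those prefixes out of `wwwChain` and into this chain, so `wwwAuthenticationFilter()` and the remember-me services no longer run for them; if those prefixes also serve HTML pages (not visible here), a logged-in user will appear anonymous on them, since only the bearer-token and HTTP-signature filters remain. The switch from `@Order(2)` to `Ordered.HIGHEST_PRECEDENCE + 1` here (and `+ 2` on `wwwChain` in the last hunk) also changes relative ordering against any other chain in this class that uses a small numeric order — the authorization-server configurer imported above is commonly registered as `@Order(1)`, which this chain would now precede — and no import of `org.springframework.core.Ordered` appears in the visible hunks, so confirm it is already in scope. I would document the intent on the annotation, e.g. `// Must run before wwwChain: /u/** and /n/** are presumably ActivityPub endpoints that rely on HTTPSignatureAuthenticationFilter, not session auth`. The body of apiChain continues outside the hunk.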
@@ -210,7 +206,7 @@ public class SecurityConfig {
"/api/skypebotendpoint", "/api/_fblogin",
"/api/_vklogin", "/api/_tglogin",
"/api/_google", "/api/_applelogin", "/api/signup",
- "/api/inbox", "/api/events", "/api/u/",
+ "/api/inbox", "/api/events", "/u/**", "/n/**",
"/api/info/**", "/api/v1/apps", "/api/v1/instance",
"/api/nodeinfo/2.0", "/oauth/**")
.permitAll()
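Review bot: `"/u/**"` and `"/n/**"` are now `permitAll` as whole prefix trees where the old entry was the single path `"/api/u/"`, and combined with the broadened `securityMatcher` this applies to every HTTP method; any state-changing handler under those prefixes would accept unauthenticated requests unless it inspects the `Authentication` set by `HTTPSignatureAuthenticationFilter` itself, which cannot be verified from this diff. If only reads are meant to be public, restrict the rule to `.requestMatchers(HttpMethod.GET, "/u/**", "/n/**").permitAll()` and leave other methods to the chain's fallback rule. The enclosing `authorizeHttpRequests` lambda starts and ends outside the hunk.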
@@ -251,6 +247,7 @@ public class SecurityConfig {
return handler;
}
@Bean
+ @Order(Ordered.HIGHEST_PRECEDENCE + 2)
SecurityFilterChain wwwChain(HttpSecurity http) throws Exception {
http.addFilterBefore(wwwAuthenticationFilter(), BasicAuthenticationFilter.class)
.authorizeHttpRequests(authorize -> authorize