diff options
Diffstat (limited to 'src/main/java/com/juick/config/SecurityConfig.java')
-rw-r--r-- | src/main/java/com/juick/config/SecurityConfig.java | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java index a93a4a5ca..7e37b7d8e 100644 --- a/src/main/java/com/juick/config/SecurityConfig.java +++ b/src/main/java/com/juick/config/SecurityConfig.java @@ -35,6 +35,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; @@ -52,10 +53,10 @@ import org.springframework.security.oauth2.server.authorization.settings.Authori import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; +import org.springframework.security.web.authentication.HttpStatusEntryPoint; import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices; -import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.web.cors.CorsConfiguration; @@ -115,9 +116,7 @@ public class SecurityConfig { @Bean AuthenticationEntryPoint apiAuthenticationEntryPoint() { - var entryPoint = new BasicAuthenticationEntryPoint(); - entryPoint.setRealmName("Juick"); - return entryPoint; + return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED); } @Value("${auth_remember_me_key:secret}") @@ -201,7 +200,7 @@ public class SecurityConfig { "/api/swagger-ui/**", "/api/messages/discussions", "/api/users", "/api/thread", "/api/tags", - "/api/tlgmbtwbhk", "/api/fbwbhk", "/api/_patreon", "/api/_vk", + "/api/tlgmbtwbhk", "/api/fbwbhk", "/api/_patreon", "/api/_vk", "/api/_google", "/api/skypebotendpoint", "/api/signup", "/api/inbox", "/api/events", "/api/u/", "/u/**", "/n/**", @@ -228,6 +227,7 @@ public class SecurityConfig { } @Bean + @Order(Ordered.HIGHEST_PRECEDENCE + 1) SecurityFilterChain h2ConsoleFilterChain(HttpSecurity http) throws Exception { http.securityMatcher("/h2-console/**") .authorizeHttpRequests(auth -> auth @@ -294,6 +294,7 @@ public class SecurityConfig { } @Bean + @Order(Ordered.HIGHEST_PRECEDENCE + 1) public SecurityFilterChain securityWebFilterChain( HttpSecurity http) throws Exception { return http.securityMatcher("/actuator/**") |