aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/com/juick/config
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/com/juick/config')
-rw-r--r--src/main/java/com/juick/config/SecurityConfig.java11
1 files changed, 6 insertions, 5 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index a93a4a5ca..7e37b7d8e 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -35,6 +35,7 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -52,10 +53,10 @@ import org.springframework.security.oauth2.server.authorization.settings.Authori
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
-import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.cors.CorsConfiguration;
@@ -115,9 +116,7 @@ public class SecurityConfig {
@Bean
AuthenticationEntryPoint apiAuthenticationEntryPoint() {
- var entryPoint = new BasicAuthenticationEntryPoint();
- entryPoint.setRealmName("Juick");
- return entryPoint;
+ return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
}
@Value("${auth_remember_me_key:secret}")
@@ -201,7 +200,7 @@ public class SecurityConfig {
"/api/swagger-ui/**",
"/api/messages/discussions",
"/api/users", "/api/thread", "/api/tags",
- "/api/tlgmbtwbhk", "/api/fbwbhk", "/api/_patreon", "/api/_vk",
+ "/api/tlgmbtwbhk", "/api/fbwbhk", "/api/_patreon", "/api/_vk", "/api/_google",
"/api/skypebotendpoint", "/api/signup",
"/api/inbox", "/api/events", "/api/u/", "/u/**",
"/n/**",
@@ -228,6 +227,7 @@ public class SecurityConfig {
}
@Bean
+ @Order(Ordered.HIGHEST_PRECEDENCE + 1)
SecurityFilterChain h2ConsoleFilterChain(HttpSecurity http) throws Exception {
http.securityMatcher("/h2-console/**")
.authorizeHttpRequests(auth -> auth
@@ -294,6 +294,7 @@ public class SecurityConfig {
}
@Bean
+ @Order(Ordered.HIGHEST_PRECEDENCE + 1)
public SecurityFilterChain securityWebFilterChain(
HttpSecurity http) throws Exception {
return http.securityMatcher("/actuator/**")