From 77fb0fe57a77c27efacc09b966fb3c215ab9c15c Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Fri, 4 May 2018 21:23:17 +0300
Subject: spring security: use predefined HttpStatusEntryPoint

---
 .../server/configuration/ApiSecurityConfig.java    | 12 +++++---
 .../NotAuthorizedAuthenticationEntryPoint.java     | 36 ----------------------
 2 files changed, 7 insertions(+), 41 deletions(-)
 delete mode 100644 juick-common/src/main/java/com/juick/service/security/NotAuthorizedAuthenticationEntryPoint.java

diff --git a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
index 3809090e..8ea79498 100644
--- a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
@@ -19,18 +19,20 @@ package com.juick.server.configuration;
 
 import com.juick.service.UserService;
 import com.juick.service.security.JuickUserDetailsService;
-import com.juick.service.security.NotAuthorizedAuthenticationEntryPoint;
 import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
@@ -63,12 +65,12 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
                 .antMatchers("/", "/messages", "/users", "/thread", "/tags", "/tlgmbtwbhk", "/fbwbhk",
                         "/skypebotendpoint").permitAll()
                 .anyRequest().hasRole("USER")
-                .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+                .and().httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint())
                 .and().anonymous()
                 .and().cors().configurationSource(corsConfigurationSource())
                 .and().servletApi()
                 .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+                .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint())
                 .and()
                 .rememberMe()
                 .alwaysRemember(true)
@@ -99,8 +101,8 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
     }
 
     @Bean
-    public NotAuthorizedAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
-        return new NotAuthorizedAuthenticationEntryPoint();
+    public AuthenticationEntryPoint juickAuthenticationEntryPoint() {
+        return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
     }
 
     @Bean
diff --git a/juick-common/src/main/java/com/juick/service/security/NotAuthorizedAuthenticationEntryPoint.java b/juick-common/src/main/java/com/juick/service/security/NotAuthorizedAuthenticationEntryPoint.java
deleted file mode 100644
index b9bdcaa9..00000000
--- a/juick-common/src/main/java/com/juick/service/security/NotAuthorizedAuthenticationEntryPoint.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (C) 2008-2017, Juick
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-package com.juick.service.security;
-
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.AuthenticationEntryPoint;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * Created by vitalyster on 25.11.2016.
- */
-public class NotAuthorizedAuthenticationEntryPoint implements AuthenticationEntryPoint {
-    @Override
-    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) {
-        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-    }
-}
-- 
cgit v1.2.3