From 91554cb30eefd48e85ebb744aea0be7efff13e11 Mon Sep 17 00:00:00 2001 From: Alexander Alexeev Date: Mon, 28 Nov 2016 19:59:22 +0700 Subject: permit all for /users and /messages; UserService on SimpleRememberMeService replaced by NullUserDetailsService --- .../com/juick/api/configuration/ApiSecurityConfig.java | 3 ++- .../juick/service/security/NullUserDetailsService.java | 16 ++++++++++++++++ .../juick/service/security/SimpleRememberMeServices.java | 5 ++--- 3 files changed, 20 insertions(+), 4 deletions(-) create mode 100644 juick-server/src/main/java/com/juick/service/security/NullUserDetailsService.java diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java index 8da51f5a..46e1725b 100644 --- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java +++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java @@ -43,6 +43,7 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers(HttpMethod.OPTIONS).permitAll() + .antMatchers("/messages", "/users").permitAll() .anyRequest().hasRole("USER") .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) .and().anonymous() @@ -76,7 +77,7 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { @Bean public RememberMeServices rememberMeServices() throws Exception { - return new SimpleRememberMeServices(env.getProperty("auth_remember_me_key"), userDetailsService(), userService, env); + return new SimpleRememberMeServices(env.getProperty("auth_remember_me_key"), userService, env); } @Bean diff --git a/juick-server/src/main/java/com/juick/service/security/NullUserDetailsService.java b/juick-server/src/main/java/com/juick/service/security/NullUserDetailsService.java new file mode 100644 index 00000000..49e9effc --- /dev/null +++ b/juick-server/src/main/java/com/juick/service/security/NullUserDetailsService.java @@ -0,0 +1,16 @@ +package com.juick.service.security; + +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; + +/** + * Created by aalexeev on 11/28/16. + */ +public class NullUserDetailsService implements UserDetailsService { + @Override + public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { + throw new UsernameNotFoundException( + "loadUserByUsername called for NullUserDetailsService, user " + username + "can not be found"); + } +} diff --git a/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java b/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java index d5d54005..2a28866c 100644 --- a/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java +++ b/juick-server/src/main/java/com/juick/service/security/SimpleRememberMeServices.java @@ -8,7 +8,6 @@ import org.apache.commons.lang3.StringUtils; import org.springframework.core.env.Environment; import org.springframework.security.core.Authentication; import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices; @@ -27,8 +26,8 @@ public class SimpleRememberMeServices extends AbstractRememberMeServices impleme private final UserService userService; public SimpleRememberMeServices( - final String key, final UserDetailsService userDetailsService, final UserService userService, final Environment environment) { - super(key, userDetailsService); + final String key, final UserService userService, final Environment environment) { + super(key, new NullUserDetailsService()); Assert.notNull(userService); Assert.notNull(environment); -- cgit v1.2.3