From 3c037e00d89a4ad5d0df57b3216857237ab81886 Mon Sep 17 00:00:00 2001
From: Alexander Alexeev
Date: Sat, 26 Nov 2016 04:24:14 +0700
Subject: api configuration

---
 .../juick/api/configuration/ApiSecurityConfig.java | 40 +++++++++-------------
 1 file changed, 16 insertions(+), 24 deletions(-)

(limited to 'juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java')

diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index c0043950..8d074f7c 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -19,27 +19,37 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
-import javax.annotation.Resource;
 import javax.inject.Inject;
 
 /**
  * Created by aalexeev on 11/21/16.
  */
 @Configuration
-@EnableWebSecurity
+@EnableWebSecurity(debug = true)
 @PropertySource("classpath:juick.conf")
 public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
-    @Resource
+    @Inject
     private Environment env;
-    @Resource
+    @Inject
     private UserService userService;
 
-    protected ApiSecurityConfig() {
+    ApiSecurityConfig() {
         super(true);
     }
 
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+                .antMatchers("/home").hasRole("USER")
+                .antMatchers(HttpMethod.OPTIONS).permitAll()
+                .and().httpBasic().authenticationEntryPoint(getBasicAuthEntryPoint())
+                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and().exceptionHandling().authenticationEntryPoint(getBasicAuthEntryPoint())
+                .and().authenticationProvider(new JuickAuthenticationProvider());
+    }
+
     @Bean
-    public JuickAuthenticationEntryPoint getBasicAuthEntryPoint(){
+    public JuickAuthenticationEntryPoint getBasicAuthEntryPoint() {
         return new JuickAuthenticationEntryPoint();
     }
 
@@ -58,22 +68,4 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
             throw new UsernameNotFoundException("The username " + username + " is not found");
         };
     }
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-                .authorizeRequests()
-                .antMatchers("/home").hasRole("USER")
-                .and().httpBasic().authenticationEntryPoint(new JuickAuthenticationEntryPoint())
-                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-    }
-
-    @Inject
-    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
-        auth.authenticationProvider(new JuickAuthenticationProvider());
-    }
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**");
-    }
 }
-- 
cgit v1.2.3