From bc23d2d2125d2086847397e85335f29a70668f6b Mon Sep 17 00:00:00 2001
From: Alexander Alexeev
Date: Mon, 28 Nov 2016 13:39:04 +0700
Subject: remember-me authorization with test; a statndard DaoAuthentication
 provider used

---
 .../juick/api/configuration/ApiSecurityConfig.java | 42 ++++++++++++++++------
 1 file changed, 32 insertions(+), 10 deletions(-)

(limited to 'juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java')

diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index b3d2d21e..8da51f5a 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -1,24 +1,27 @@
 package com.juick.api.configuration;
 
 import com.juick.server.security.JuickAuthenticationEntryPoint;
-import com.juick.server.security.JuickAuthenticationProvider;
 import com.juick.service.UserService;
+import com.juick.service.security.JuickUserDetailsService;
+import com.juick.service.security.SimpleRememberMeServices;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.core.env.Environment;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import javax.inject.Inject;
 import java.util.Arrays;
+import java.util.concurrent.TimeUnit;
 
 /**
  * Created by aalexeev on 11/21/16.
@@ -38,8 +41,7 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.addFilterBefore(getJuickHashFilter(), UsernamePasswordAuthenticationFilter.class)
-                .authorizeRequests()
+        http.authorizeRequests()
                 .antMatchers(HttpMethod.OPTIONS).permitAll()
                 .anyRequest().hasRole("USER")
                 .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
@@ -48,22 +50,42 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
                 .and().servletApi()
                 .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                 .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
-                .and().authenticationProvider(new JuickAuthenticationProvider(userService))
+                .and()
+                .rememberMe()
+                .alwaysRemember(true)
+                .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30))
+                .rememberMeServices(rememberMeServices())
+                .key(env.getProperty("auth_remember_me_key"))
+                .and().authenticationProvider(authenticationProvider())
                 .headers().defaultsDisabled().cacheControl();
     }
 
     @Bean
-    public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
-        return new JuickAuthenticationEntryPoint();
+    public DaoAuthenticationProvider authenticationProvider() {
+        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
+
+        authenticationProvider.setUserDetailsService(userDetailsService());
+
+        return authenticationProvider;
+    }
+
+    @Bean
+    public JuickUserDetailsService userDetailsService() {
+        return new JuickUserDetailsService(userService);
+    }
+
+    @Bean
+    public RememberMeServices rememberMeServices() throws Exception {
+        return new SimpleRememberMeServices(env.getProperty("auth_remember_me_key"), userDetailsService(), userService, env);
     }
 
     @Bean
-    public JuickHashFilter getJuickHashFilter() {
-        return new JuickHashFilter();
+    public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
+        return new JuickAuthenticationEntryPoint();
     }
 
     @Bean
-    CorsConfigurationSource corsConfigurationSource() {
+    public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
 
         configuration.setAllowedOrigins(Arrays.asList("*"));
-- 
cgit v1.2.3