From c61ba1deb4cf58bc44e1dfb272052dd64150eb49 Mon Sep 17 00:00:00 2001 From: Alexander Alexeev Date: Sat, 26 Nov 2016 13:19:17 +0700 Subject: working spring security config --- .../juick/api/configuration/ApiSecurityConfig.java | 35 +++++----------------- 1 file changed, 8 insertions(+), 27 deletions(-) (limited to 'juick-api/src/main/java/com/juick') diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java index 8d074f7c..d7904199 100644 --- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java +++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java @@ -2,22 +2,16 @@ package com.juick.api.configuration; import com.juick.server.security.JuickAuthenticationEntryPoint; import com.juick.server.security.JuickAuthenticationProvider; -import com.juick.server.security.entities.JuickUser; import com.juick.service.UserService; -import org.apache.commons.lang3.StringUtils; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; import org.springframework.core.env.Environment; import org.springframework.http.HttpMethod; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.core.userdetails.UsernameNotFoundException; import javax.inject.Inject; @@ -40,32 +34,19 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() - .antMatchers("/home").hasRole("USER") .antMatchers(HttpMethod.OPTIONS).permitAll() - .and().httpBasic().authenticationEntryPoint(getBasicAuthEntryPoint()) + .anyRequest().hasRole("USER") + .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) + .and().anonymous() + .and().servletApi() .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .and().exceptionHandling().authenticationEntryPoint(getBasicAuthEntryPoint()) - .and().authenticationProvider(new JuickAuthenticationProvider()); + .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) + .and().authenticationProvider(new JuickAuthenticationProvider(userService)) + .headers().cacheControl(); } @Bean - public JuickAuthenticationEntryPoint getBasicAuthEntryPoint() { + public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() { return new JuickAuthenticationEntryPoint(); } - - @Bean("userDetailsService") - @Override - public UserDetailsService userDetailsServiceBean() throws Exception { - return username -> { - if (StringUtils.isBlank(username)) - throw new UsernameNotFoundException("Invalid user name " + username); - - com.juick.User user = userService.getUserByName(username); - - if (user != null) - return new JuickUser(user); - - throw new UsernameNotFoundException("The username " + username + " is not found"); - }; - } } -- cgit v1.2.3