From c61ba1deb4cf58bc44e1dfb272052dd64150eb49 Mon Sep 17 00:00:00 2001
From: Alexander Alexeev
Date: Sat, 26 Nov 2016 13:19:17 +0700
Subject: working spring security config

---
 .../juick/api/configuration/ApiSecurityConfig.java | 35 +++++-----------------
 1 file changed, 8 insertions(+), 27 deletions(-)

(limited to 'juick-api/src/main/java/com')

diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index 8d074f7c..d7904199 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -2,22 +2,16 @@ package com.juick.api.configuration;
 
 import com.juick.server.security.JuickAuthenticationEntryPoint;
 import com.juick.server.security.JuickAuthenticationProvider;
-import com.juick.server.security.entities.JuickUser;
 import com.juick.service.UserService;
-import org.apache.commons.lang3.StringUtils;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.core.env.Environment;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
 import javax.inject.Inject;
 
@@ -40,32 +34,19 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.authorizeRequests()
-                .antMatchers("/home").hasRole("USER")
                 .antMatchers(HttpMethod.OPTIONS).permitAll()
-                .and().httpBasic().authenticationEntryPoint(getBasicAuthEntryPoint())
+                .anyRequest().hasRole("USER")
+                .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+                .and().anonymous()
+                .and().servletApi()
                 .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and().exceptionHandling().authenticationEntryPoint(getBasicAuthEntryPoint())
-                .and().authenticationProvider(new JuickAuthenticationProvider());
+                .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+                .and().authenticationProvider(new JuickAuthenticationProvider(userService))
+                .headers().cacheControl();
     }
 
     @Bean
-    public JuickAuthenticationEntryPoint getBasicAuthEntryPoint() {
+    public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
         return new JuickAuthenticationEntryPoint();
     }
-
-    @Bean("userDetailsService")
-    @Override
-    public UserDetailsService userDetailsServiceBean() throws Exception {
-        return username -> {
-            if (StringUtils.isBlank(username))
-                throw new UsernameNotFoundException("Invalid user name " + username);
-
-            com.juick.User user = userService.getUserByName(username);
-
-            if (user != null)
-                return new JuickUser(user);
-
-            throw new UsernameNotFoundException("The username " + username + " is not found");
-        };
-    }
 }
-- 
cgit v1.2.3