From 77fb0fe57a77c27efacc09b966fb3c215ab9c15c Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Fri, 4 May 2018 21:23:17 +0300 Subject: spring security: use predefined HttpStatusEntryPoint --- .../com/juick/server/configuration/ApiSecurityConfig.java | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'juick-api/src') diff --git a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java index 3809090e..8ea79498 100644 --- a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java +++ b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java @@ -19,18 +19,20 @@ package com.juick.server.configuration; import com.juick.service.UserService; import com.juick.service.security.JuickUserDetailsService; -import com.juick.service.security.NotAuthorizedAuthenticationEntryPoint; import com.juick.service.security.deprecated.RequestParamHashRememberMeServices; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.security.web.authentication.HttpStatusEntryPoint; import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfigurationSource; @@ -63,12 +65,12 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { .antMatchers("/", "/messages", "/users", "/thread", "/tags", "/tlgmbtwbhk", "/fbwbhk", "/skypebotendpoint").permitAll() .anyRequest().hasRole("USER") - .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) + .and().httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint()) .and().anonymous() .and().cors().configurationSource(corsConfigurationSource()) .and().servletApi() .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) + .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint()) .and() .rememberMe() .alwaysRemember(true) @@ -99,8 +101,8 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { } @Bean - public NotAuthorizedAuthenticationEntryPoint getJuickAuthenticationEntryPoint() { - return new NotAuthorizedAuthenticationEntryPoint(); + public AuthenticationEntryPoint juickAuthenticationEntryPoint() { + return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED); } @Bean -- cgit v1.2.3