From 77fb0fe57a77c27efacc09b966fb3c215ab9c15c Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Fri, 4 May 2018 21:23:17 +0300
Subject: spring security: use predefined HttpStatusEntryPoint

---
 .../com/juick/server/configuration/ApiSecurityConfig.java    | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'juick-api')

diff --git a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
index 3809090e..8ea79498 100644
--- a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
@@ -19,18 +19,20 @@ package com.juick.server.configuration;
 
 import com.juick.service.UserService;
 import com.juick.service.security.JuickUserDetailsService;
-import com.juick.service.security.NotAuthorizedAuthenticationEntryPoint;
 import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
@@ -63,12 +65,12 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
                 .antMatchers("/", "/messages", "/users", "/thread", "/tags", "/tlgmbtwbhk", "/fbwbhk",
                         "/skypebotendpoint").permitAll()
                 .anyRequest().hasRole("USER")
-                .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+                .and().httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint())
                 .and().anonymous()
                 .and().cors().configurationSource(corsConfigurationSource())
                 .and().servletApi()
                 .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+                .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint())
                 .and()
                 .rememberMe()
                 .alwaysRemember(true)
@@ -99,8 +101,8 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
     }
 
     @Bean
-    public NotAuthorizedAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
-        return new NotAuthorizedAuthenticationEntryPoint();
+    public AuthenticationEntryPoint juickAuthenticationEntryPoint() {
+        return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
     }
 
     @Bean
-- 
cgit v1.2.3