From 248c05840275516cbc5c99c8e5d87d007ca37284 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Thu, 21 Jun 2018 20:24:45 +0300
Subject: www project disabled, all new web development moved to separate repo

---
 .../server/configuration/ApiSecurityConfig.java    | 125 +++++++++++++++++++++
 .../com/juick/server/configuration/PostConfig.java |   9 ++
 2 files changed, 134 insertions(+)
 create mode 100644 juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
 create mode 100644 juick-server/src/main/java/com/juick/server/configuration/PostConfig.java

(limited to 'juick-server/src/main/java/com/juick/server/configuration')

diff --git a/juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java b/juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
new file mode 100644
index 00000000..94c1f1a8
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.configuration;
+
+import com.juick.service.UserService;
+import com.juick.service.security.JuickUserDetailsService;
+import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import javax.inject.Inject;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * Created by aalexeev on 11/21/16.
+ */
+@Configuration
+@EnableWebSecurity
+public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Value("${auth_remember_me_key:secret}")
+    private String rememberMeKey;
+    @Inject
+    private UserService userService;
+
+    ApiSecurityConfig() {
+        super(true);
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+                .antMatchers(HttpMethod.OPTIONS).permitAll()
+                .antMatchers("/", "/messages", "/users", "/thread", "/tags", "/tlgmbtwbhk", "/fbwbhk",
+                        "/skypebotendpoint").permitAll()
+                .anyRequest().hasRole("USER")
+                .and().httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint())
+                .and().anonymous()
+                .and().cors().configurationSource(corsConfigurationSource())
+                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint())
+                .and()
+                .rememberMe()
+                .alwaysRemember(true)
+                .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30))
+                .rememberMeServices(rememberMeServices())
+                .key(rememberMeKey)
+                .and().authenticationProvider(authenticationProvider())
+                .headers().defaultsDisabled().cacheControl();
+    }
+
+    @Bean
+    public DaoAuthenticationProvider authenticationProvider() {
+        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
+
+        authenticationProvider.setUserDetailsService(userDetailsService());
+
+        return authenticationProvider;
+    }
+
+    @Bean
+    public JuickUserDetailsService userDetailsService() {
+        return new JuickUserDetailsService(userService);
+    }
+
+    @Bean
+    public RememberMeServices rememberMeServices() {
+        return new RequestParamHashRememberMeServices(rememberMeKey, userService);
+    }
+
+    @Bean
+    public AuthenticationEntryPoint juickAuthenticationEntryPoint() {
+        return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
+    }
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+
+        configuration.setAllowedOrigins(Collections.singletonList("*"));
+        configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
+        configuration.setAllowedHeaders(Collections.singletonList("*"));
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+
+        return source;
+    }
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**",
+                "/configuration/**", "/swagger-ui.html", "/webjars/**", "/ws/**", "/rss/**");
+    }
+}
diff --git a/juick-server/src/main/java/com/juick/server/configuration/PostConfig.java b/juick-server/src/main/java/com/juick/server/configuration/PostConfig.java
new file mode 100644
index 00000000..598a7435
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/configuration/PostConfig.java
@@ -0,0 +1,9 @@
+package com.juick.server.configuration;
+
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.context.annotation.ComponentScan;
+
+@EnableAutoConfiguration
+@ComponentScan({"com.juick.server", "com.juick.service"})
+public class PostConfig {
+}
-- 
cgit v1.2.3