From 086d9a7625bfc5a386f5b1028d364fb546c2fa9d Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 4 Jan 2023 03:37:05 +0300
Subject: JWT authentication for API

---
 src/main/java/com/juick/config/SecurityConfig.java | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

(limited to 'src/main/java/com/juick/config/SecurityConfig.java')

diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index ad189052..d2030a62 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -17,8 +17,10 @@
 
 package com.juick.config;
 
+import com.juick.KeystoreManager;
 import com.juick.SignatureManager;
 import com.juick.service.UserService;
+import com.juick.service.security.BearerTokenAuthenticationFilter;
 import com.juick.service.security.HTTPSignatureAuthenticationFilter;
 import com.juick.service.security.HashParamAuthenticationFilter;
 import com.juick.service.security.JuickUserDetailsService;
@@ -57,9 +59,10 @@ import java.util.Collections;
 public class SecurityConfig {
     @Inject
     private UserService userService;
+    @Inject
+    private KeystoreManager keystoreManager;
 
     private static final String COOKIE_NAME = "juick-remember-me";
-
     @Bean
     UserDetailsService userDetailsService() {
         return new JuickUserDetailsService(userService);
@@ -89,7 +92,7 @@ public class SecurityConfig {
     }
 
     @Bean
-    AuthenticationEntryPoint juickAuthenticationEntryPoint() {
+    AuthenticationEntryPoint apiAuthenticationEntryPoint() {
         var entryPoint = new BasicAuthenticationEntryPoint();
         entryPoint.setRealmName("Juick");
         return entryPoint;
@@ -104,6 +107,10 @@ public class SecurityConfig {
     HashParamAuthenticationFilter wwwAuthenticationFilter() {
         return new HashParamAuthenticationFilter(userService, hashCookieServices());
     }
+    @Bean
+    BearerTokenAuthenticationFilter bearerTokenAuthenticationFilter() {
+        return new BearerTokenAuthenticationFilter(userService, keystoreManager.getKeyPair());
+    }
 
     @Bean
     RememberMeServices hashCookieServices() {
@@ -124,6 +131,7 @@ public class SecurityConfig {
                 .addFilterBefore(apiAuthenticationFilter(), BasicAuthenticationFilter.class)
                 .addFilterBefore(new HTTPSignatureAuthenticationFilter(signatureManager, userService),
                         BasicAuthenticationFilter.class)
+                .addFilterBefore(bearerTokenAuthenticationFilter(), BasicAuthenticationFilter.class)
                 .authorizeHttpRequests(requests -> requests
                         .requestMatchers(HttpMethod.OPTIONS).permitAll()
                         .requestMatchers("/api/", "/api/messages", "/api/avatar",
@@ -141,12 +149,12 @@ public class SecurityConfig {
                 .anonymous(anonymous -> anonymous.principal(JuickUser.ANONYMOUS_USER)
                         .authorities(JuickUser.ANONYMOUS_AUTHORITY))
                 .httpBasic(httpBasic -> httpBasic
-                        .authenticationEntryPoint(juickAuthenticationEntryPoint()))
+                        .authenticationEntryPoint(apiAuthenticationEntryPoint()))
                 .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                 .sessionManagement(sessionManagement -> sessionManagement
                         .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .exceptionHandling(exceptionHandling -> exceptionHandling
-                        .authenticationEntryPoint(juickAuthenticationEntryPoint()))
+                        .authenticationEntryPoint(apiAuthenticationEntryPoint()))
                 .csrf().disable()
                 .headers().defaultsDisabled().cacheControl();
         return http.build();
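Review bot: `bearerTokenAuthenticationFilter()` hands the whole `KeyPair`, private key included, to a filter whose role in this chain is to verify incoming tokens, and verification needs only the public half. If `BearerTokenAuthenticationFilter` does not also issue tokens, narrowing its constructor to a `PublicKey` and passing `keystoreManager.getKeyPair().getPublic()` keeps the signing key confined to the component that signs. If the application runs under Spring Boot, a `Filter` exposed as a `@Bean` is additionally auto-registered with the servlet container for every URL, outside the security filter chain; a `FilterRegistrationBean` with `setEnabled(false)` suppresses that double invocation, and the existing `wwwAuthenticationFilter()` bean has the same shape. The bean is undocumented; a Javadoc line such as `/** Authenticates API requests that carry a Bearer token verifiable with the keystore key pair. */` would state its purpose.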
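Review bot: A request whose Bearer token is rejected still ends at `apiAuthenticationEntryPoint()` (hunk at lines 141–152), which answers with a `WWW-Authenticate: Basic realm="Juick"` challenge, so a JWT client learns nothing about why its token failed; the expected response for a request that carried a Bearer header is `WWW-Authenticate: Bearer error="invalid_token"` (RFC 6750). Whether the filter rejects an invalid token outright or lets the request continue as anonymous is not visible here, and that choice decides whether an expired token silently degrades to anonymous access; a comment on the new `addFilterBefore` line such as `// Bearer tokens are tried before HTTP Basic; a malformed or expired token must not fall through to anonymous` would pin the intended contract. The three filters inserted before `BasicAuthenticationFilter` appear to run in insertion order, so a request carrying both a hash parameter and a Bearer header is presumably decided by the earlier filter, which is worth stating as well. The enclosing filter-chain method starts and ends outside this hunk.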
@@ -170,7 +178,7 @@ public class SecurityConfig {
                 .sessionManagement(sessionManagement -> sessionManagement
                         .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .exceptionHandling(exceptionHandling -> exceptionHandling
-                        .authenticationEntryPoint(juickAuthenticationEntryPoint()))
+                        .authenticationEntryPoint(apiAuthenticationEntryPoint()))
                 .headers().defaultsDisabled().cacheControl();
         return http.build();
     }
-- 
cgit v1.2.3