From c3a9365645ec94d5b7c9778ab32c93e5eb4be5f6 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Mon, 29 Apr 2019 14:06:24 +0300 Subject: UserUtils -> @Visitor --- .../service/security/HTTPSignatureAuthenticationFilter.java | 7 +++---- .../service/security/HashParamAuthenticationFilter.java | 2 +- .../java/com/juick/service/security/annotation/Visitor.java | 12 ++++++++++++ 3 files changed, 16 insertions(+), 5 deletions(-) create mode 100644 src/main/java/com/juick/service/security/annotation/Visitor.java (limited to 'src/main/java/com/juick/service/security') diff --git a/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java index 44d97207..158841b4 100644 --- a/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java +++ b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java @@ -3,12 +3,11 @@ package com.juick.service.security; import com.juick.User; import com.juick.server.SignatureManager; import com.juick.service.UserService; -import org.apache.commons.io.IOUtils; +import com.juick.service.security.entities.JuickUser; import org.apache.commons.lang3.StringUtils; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; -import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.filter.OncePerRequestFilter; @@ -18,7 +17,6 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; -import java.nio.charset.StandardCharsets; import java.util.Collections; import java.util.Map; import java.util.stream.Collectors; @@ -51,7 +49,8 @@ public class HTTPSignatureAuthenticationFilter extends OncePerRequestFilter { Authentication authentication = new UsernamePasswordAuthenticationToken(userWithPassword.getName(), userWithPassword.getCredentials()); SecurityContextHolder.getContext().setAuthentication(authentication); } else { - Authentication authentication = new AnonymousAuthenticationToken(userUri, user, Collections.singletonList(new SimpleGrantedAuthority("ROLE_ANONYMOUS"))); + Authentication authentication = new AnonymousAuthenticationToken(userUri, + new JuickUser(user), JuickUser.ANONYMOUS_AUTHORITY); SecurityContextHolder.getContext().setAuthentication(authentication); } } diff --git a/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java b/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java index 2fd5a2a7..0a80a28c 100644 --- a/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java +++ b/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java @@ -18,8 +18,8 @@ package com.juick.service.security; import com.juick.User; -import com.juick.service.security.entities.JuickUser; import com.juick.service.UserService; +import com.juick.service.security.entities.JuickUser; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.RememberMeAuthenticationToken; import org.springframework.security.core.Authentication; diff --git a/src/main/java/com/juick/service/security/annotation/Visitor.java b/src/main/java/com/juick/service/security/annotation/Visitor.java new file mode 100644 index 00000000..14d7cc87 --- /dev/null +++ b/src/main/java/com/juick/service/security/annotation/Visitor.java @@ -0,0 +1,12 @@ +package com.juick.service.security.annotation; + +import org.springframework.security.core.annotation.AuthenticationPrincipal; + +import java.lang.annotation.*; + +@Target({ ElementType.PARAMETER, ElementType.TYPE }) +@Retention(RetentionPolicy.RUNTIME) +@Documented +@AuthenticationPrincipal(errorOnInvalidType = true, expression = "user") +public @interface Visitor { +} -- cgit v1.2.3