From 6d905266670b9d8f20ae92d42e6dc1bc81dcd4fe Mon Sep 17 00:00:00 2001
From: Takiguchi
Date: Mon, 28 Jan 2019 20:52:09 +0100
Subject: [PATCH] Add reste entry point to spring security configuration.
---
.../RestAuthenticationEntryPoint.java | 28 +++++++++++++++++++
.../core/security/SecurityConfiguration.java | 6 ++++
2 files changed, 34 insertions(+)
create mode 100755 src/main/java/org/codiki/core/security/RestAuthenticationEntryPoint.java
diff --git a/src/main/java/org/codiki/core/security/RestAuthenticationEntryPoint.java b/src/main/java/org/codiki/core/security/RestAuthenticationEntryPoint.java
new file mode 100755
index 0000000..e5df6af
--- /dev/null
+++ b/src/main/java/org/codiki/core/security/RestAuthenticationEntryPoint.java
@@ -0,0 +1,28 @@
+package org.codiki.core.security;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+/**
+ * Authentication entry point configured in
+ * {@link SecurityConfiguration#configure(org.springframework.security.config.annotation.web.builders.HttpSecurity)}
+ * to avoid yo get a login form at authentication failure from Angular app.
+ *
+ * @author takiguchi
+ *
+ */
+@Component
+public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {
+ @Override
+ public void commence(HttpServletRequest request, HttpServletResponse response,
+ AuthenticationException authException) throws IOException, ServletException {
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
+ }
+}
diff --git a/src/main/java/org/codiki/core/security/SecurityConfiguration.java b/src/main/java/org/codiki/core/security/SecurityConfiguration.java
index 5f52e46..29d1b5f 100755
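Review bot: `response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized")` in `commence` hands the response to the servlet container's error-page handling, so the body the Angular client receives depends on error-page configuration that this patch does not show. If only the status code is wanted, `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` avoids the error dispatch, and Spring Security's `HttpStatusEntryPoint` already provides that behaviour; either way it is worth confirming that the 401 body carries no container banner or stack trace. The class Javadoc should also state what the entry point returns, for example `Replies 401 Unauthorized instead of redirecting to the login form, so the Angular app can handle authentication failures itself.`, which would also remove the "yo" typo.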
--- a/src/main/java/org/codiki/core/security/SecurityConfiguration.java +++ b/src/main/java/org/codiki/core/security/SecurityConfiguration.java @@ -22,8 +22,11 @@ import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository; public class SecurityConfiguration extends WebSecurityConfigurerAdapter { private static final String XSRF_REPOSITORY_HEADER_NAME = "X-XSRF-TOKEN"; + @Autowired private CustomAuthenticationProvider authenticationProvider; + @Autowired + private RestAuthenticationEntryPoint authenticationEntryPoint; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { @@ -50,6 +53,9 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter { ).permitAll() .anyRequest().authenticated() .and() + // Allow to avoid login form at authentication failure from Angular app + .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint) + .and() .addFilterAfter(new XSRFTokenFilter(), CsrfFilter.class) .csrf() .csrfTokenRepository(xsrfTokenRepository());
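Review bot: The first added `@Autowired` appears to sit directly above the existing `authenticationProvider` field, which suggests the field carried no annotation before, yet the commit subject mentions only the entry point. If the provider really was uninjected until now, `configure(AuthenticationManagerBuilder)` may have been registering a null provider; that should be checked against the file's history and noted in the commit message. As a style point, constructor injection into `private final` fields would make both security dependencies explicit and keep the class from being instantiated without them. The class body continues outside the hunk.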
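Review bot: The new `.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)` call changes what every unauthenticated request to a protected path receives, yet the diffstat lists only the two source files, so no test pins the new behaviour. A MockMvc test asserting 401 for an anonymous request to a protected path, and an unchanged response for the `permitAll()` paths, would catch a later reordering of this chain. The inline comment would read more precisely as `// Reply 401 instead of redirecting to the login form when an unauthenticated request reaches a protected endpoint`. The `configure(HttpSecurity)` body starts and ends outside the hunk.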