Add reste entry point to spring security configuration.

2019-01-28 20:52:09 +01:00
parent a56892944f
commit 6d90526667
2 changed files with 34 additions and 0 deletions


@@ -0,0 +1,28 @@
package org.codiki.core.security;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
/**
* Authentication entry point configured in
* {@link SecurityConfiguration#configure(org.springframework.security.config.annotation.web.builders.HttpSecurity)}
* to avoid yo get a login form at authentication failure from Angular app.
*
* @author takiguchi
*
*/
@Component
public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
}
}
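Review bot: `response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized")` in `commence` hands the response to the servlet container's error-page handling, so the Angular client may receive an HTML error body (and, under Spring Boot, an extra dispatch to the error path) rather than a bare 401; this is inferred from the servlet API, not visible in the commit. If only the status matters, `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` avoids that, or the class could be replaced by Spring Security's `HttpStatusEntryPoint` built with `HttpStatus.UNAUTHORIZED`, if the version in use provides it. The 401 also carries no `WWW-Authenticate` header, which HTTP expects on that status. The Javadoc sentence would read better as `so that the Angular app gets a 401 instead of a login form when authentication fails`.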


@@ -22,8 +22,11 @@ import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final String XSRF_REPOSITORY_HEADER_NAME = "X-XSRF-TOKEN";
@Autowired
private CustomAuthenticationProvider authenticationProvider;
@Autowired
private RestAuthenticationEntryPoint authenticationEntryPoint;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -50,6 +53,9 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
).permitAll()
.anyRequest().authenticated()
.and()
// Allow to avoid login form at authentication failure from Angular app
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)
.and()
.addFilterAfter(new XSRFTokenFilter(), CsrfFilter.class)
.csrf()
.csrfTokenRepository(xsrfTokenRepository());
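Review bot: The comment above `.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)` does not say what the client actually receives; something like `// Answer unauthenticated requests with 401 instead of redirecting to the login form, so the Angular app can react itself` states the contract. Only the authentication entry point is set here, so access-denied and CSRF rejections presumably keep the default handling; it is worth confirming that the Angular client treats that 403 separately from the new 401. In the first hunk the entry point is field-injected with `@Autowired`; constructor injection would let the field be `final`. The `configure(HttpSecurity)` body starts outside the hunk.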