From 36089cacfa4bcbe05616dc60255d559a6ad5941c Mon Sep 17 00:00:00 2001
From: takiguchi
Date: Sun, 19 Jul 2020 17:00:04 +0200
Subject: [PATCH] End security setup.
---
 .../config/security/JwtRequestFilter.java | 4 +--
 .../security/SecurityConfiguration.java | 26 +++++++++++++------
 .../config/security/TokenProvider.java | 2 +-
 3 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/src/main/java/org/takiguchi/starter/config/security/JwtRequestFilter.java b/src/main/java/org/takiguchi/starter/config/security/JwtRequestFilter.java
index 53aaa87..fefa31c 100644
--- a/src/main/java/org/takiguchi/starter/config/security/JwtRequestFilter.java
+++ b/src/main/java/org/takiguchi/starter/config/security/JwtRequestFilter.java
@@ -15,7 +15,7 @@ import java.util.List;
 import java.util.stream.Collectors;
 import static org.springframework.http.HttpHeaders.AUTHORIZATION;
-import static org.takiguchi.tamotsu.client.constant.Constant.AUTHORITIES_KEY;
+import static org.takiguchi.starter.config.security.TokenProvider.AUTHORITIES_KEY;
 public class JwtRequestFilter extends OncePerRequestFilter {
 private static final String TOKEN_PREFIX = "Bearer ";
@@ -34,7 +34,7 @@ public class JwtRequestFilter extends OncePerRequestFilter {
 if (SecurityContextHolder.getContext().getAuthentication() == null) {
 String username = null;
 try {
- username = tokenProvider.getUsernameFromToken(token);
+ username = tokenProvider.getUserEmailFromToken(token);
 } catch (Exception e) {
 // Do nothing
 }
diff --git a/src/main/java/org/takiguchi/starter/config/security/SecurityConfiguration.java b/src/main/java/org/takiguchi/starter/config/security/SecurityConfiguration.java
index 06a4909..6ecfed7 100644
--- a/src/main/java/org/takiguchi/starter/config/security/SecurityConfiguration.java
+++ b/src/main/java/org/takiguchi/starter/config/security/SecurityConfiguration.java
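Review bot: The new `tokenProvider.getUserEmailFromToken(token)` call sits inside the pre-existing `catch (Exception e) { // Do nothing }`, so an expired token, a bad signature and a provider bug (say a NullPointerException) all collapse into "no user" and the request proceeds unauthenticated with no trace in the logs. Narrow the catch to the token library's parse/signature exception type and record the rejection without echoing the token, for example `} catch (Exception e) { logger.debug("Bearer token rejected: " + e.getClass().getSimpleName()); }` using the `logger` that OncePerRequestFilter inherits from GenericFilterBean. The enclosing doFilterInternal body starts and ends outside this hunk, so the surrounding null-handling of `username` is not visible here.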
@@ -11,13 +11,22 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
 import javax.servlet.http.HttpServletResponse;
-import static org.springframework.http.HttpMethod.GET;
 import static org.springframework.http.HttpMethod.OPTIONS;
 import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
 @EnableWebSecurity
 @Configuration
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+ private final String signingKey;
+ private final int accessTokenValiditySeconds;
+
+ public SecurityConfiguration(@Value("${app.security.signing-key}") String signingKey,
+ @Value("${app.security.access-token-validity-seconds}") int accessTokenValiditySeconds) {
+ this.signingKey = signingKey;
+ this.accessTokenValiditySeconds = accessTokenValiditySeconds;
+ }
+
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 http.cors().disable()
@@ -25,13 +34,13 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 .authenticationEntryPoint((request, response, authResponse) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
 .accessDeniedHandler((request, response, accessDeniedException) -> response.sendError(HttpServletResponse.SC_FORBIDDEN))
 .and()
- .addFilterBefore(jwtRequestFilter(), UsernamePasswordAuthenticationFilter.class)
+ .addFilterBefore(jwtRequestFilter(tokenProvider(signingKey, accessTokenValiditySeconds)), UsernamePasswordAuthenticationFilter.class)
 .sessionManagement().sessionCreationPolicy(STATELESS)
 .and()
- .requiresChannel()
- .anyRequest()
- .requiresSecure()
- .and()
+// .requiresChannel()
+// .anyRequest()
+// .requiresSecure()
+// .and()
 .csrf().disable()
 .authorizeRequests()
 .antMatchers(
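Review bot: Commenting out `.requiresChannel().anyRequest().requiresSecure()` drops this chain's HTTPS requirement while `cors().disable()` and `csrf().disable()` remain, so the bearer token carried in the Authorization header can now travel over plain HTTP unless TLS is terminated in front of the application, and neither the commit message nor the code says that it is. If a reverse proxy handles TLS, delete the four commented-out lines and record the decision in place (`// TLS is terminated at the edge proxy; the channel requirement is intentionally not enforced here`); if not, keep the rule and gate it on a profile so that only local runs skip it. Separately, `jwtRequestFilter(tokenProvider(signingKey, accessTokenValiditySeconds))` calls the two `@Bean` methods directly and only yields the container singletons because this is a proxied `@Configuration` class, and the constructor-injected fields duplicate the `@Value` parameters already declared on tokenProvider(); a short comment on the `addFilterBefore` line explaining why the beans are resolved this way would save the next reader the detour. The configure() body continues past `.antMatchers(` outside this hunk.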
@@ -46,6 +55,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 public BCryptPasswordEncoder passwordEncoder() {
 return new BCryptPasswordEncoder();
 }
+
 @Bean
 public TokenProvider tokenProvider(@Value("${app.security.signing-key}") String signingKey,
 @Value("${app.security.access-token-validity-seconds}") int accessTokenValiditySeconds) {
@@ -53,7 +63,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 }
 @Bean
- public JwtRequestFilter jwtRequestFilter() {
- return new JwtRequestFilter(tokenProvider());
+ public JwtRequestFilter jwtRequestFilter(TokenProvider tokenProvider) {
+ return new JwtRequestFilter(tokenProvider);
 }
 }
diff --git a/src/main/java/org/takiguchi/starter/config/security/TokenProvider.java b/src/main/java/org/takiguchi/starter/config/security/TokenProvider.java
index 2fbca9a..3f7dc83 100644
--- a/src/main/java/org/takiguchi/starter/config/security/TokenProvider.java
+++ b/src/main/java/org/takiguchi/starter/config/security/TokenProvider.java
@@ -13,7 +13,7 @@ import java.util.function.Function;
 public class TokenProvider {
- private static final String AUTHORITIES_KEY = "scopes";
+ public static final String AUTHORITIES_KEY = "scopes";
 private final String signingKey;
 private final int accessTokenValiditySeconds;
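Review bot: `AUTHORITIES_KEY` is widened to `public` so that JwtRequestFilter's new static import can share it, which makes the literal `"scopes"` part of TokenProvider's public contract, yet the field carries no documentation. Add a Javadoc above it such as `/** Name under which granted authorities are stored in the token; JwtRequestFilter reads the same key back. */` — the "stored in the token" part is inferred from the name and value, so confirm it against the claim-building code, which is outside this hunk. Because any consumer of the token format now depends on this constant, a renaming would silently break already issued tokens; a one-line note to that effect on the same Javadoc is worth having.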