End security setup.

2020-07-19 17:00:04 +02:00
parent 5e202b122e
commit 36089cacfa
3 changed files with 21 additions and 11 deletions


@@ -15,7 +15,7 @@ import java.util.List;
import java.util.stream.Collectors;
import static org.springframework.http.HttpHeaders.AUTHORIZATION;
import static org.takiguchi.tamotsu.client.constant.Constant.AUTHORITIES_KEY;
import static org.takiguchi.starter.config.security.TokenProvider.AUTHORITIES_KEY;
public class JwtRequestFilter extends OncePerRequestFilter {
private static final String TOKEN_PREFIX = "Bearer ";
@@ -34,7 +34,7 @@ public class JwtRequestFilter extends OncePerRequestFilter {
if (SecurityContextHolder.getContext().getAuthentication() == null) {
String username = null;
try {
username = tokenProvider.getUsernameFromToken(token);
username = tokenProvider.getUserEmailFromToken(token);
} catch (Exception e) {
// Do nothing
}
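Review bot: The new `tokenProvider.getUserEmailFromToken(token)` call sits inside a `catch (Exception e) { // Do nothing }`, so every rejected token (expired, malformed, bad signature) is silently dropped and the request simply continues unauthenticated, leaving nothing for monitoring to pick up. Catch the token library's specific exception type rather than `Exception`, and record the rejection at debug level if the class has a logger, e.g. `// token rejected: fall through as anonymous so the entry point returns 401` plus `log.debug("Rejected bearer token: {}", e.getMessage());`. Any unexpected runtime exception should then propagate instead of being masked. The enclosing `doFilterInternal` body starts and ends outside this hunk.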


@@ -11,13 +11,22 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
import javax.servlet.http.HttpServletResponse;
import static org.springframework.http.HttpMethod.GET;
import static org.springframework.http.HttpMethod.OPTIONS;
import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final String signingKey;
private final int accessTokenValiditySeconds;
public SecurityConfiguration(@Value("${app.security.signing-key}") String signingKey,
@Value("${app.security.access-token-validity-seconds}") int accessTokenValiditySeconds) {
this.signingKey = signingKey;
this.accessTokenValiditySeconds = accessTokenValiditySeconds;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().disable()
@@ -25,13 +34,13 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
.authenticationEntryPoint((request, response, authResponse) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
.accessDeniedHandler((request, response, accessDeniedException) -> response.sendError(HttpServletResponse.SC_FORBIDDEN))
.and()
.addFilterBefore(jwtRequestFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(jwtRequestFilter(tokenProvider(signingKey, accessTokenValiditySeconds)), UsernamePasswordAuthenticationFilter.class)
.sessionManagement().sessionCreationPolicy(STATELESS)
.and()
.requiresChannel()
.anyRequest()
.requiresSecure()
.and()
// .requiresChannel()
// .anyRequest()
// .requiresSecure()
// .and()
.csrf().disable()
.authorizeRequests()
.antMatchers(
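Review bot: Commenting out `.requiresChannel().anyRequest().requiresSecure()` (the four `//` lines after `.and()`) removes the HTTPS requirement, so the bearer token carried in the `Authorization` header can now be accepted over plain HTTP. If the motivation is TLS termination at a reverse proxy, the usual remedy is to keep the requirement and have Spring honour the proxy's forwarded headers (e.g. `server.forward-headers-strategy`) rather than drop it; if dropping it is deliberate, delete the dead lines and state the reason in a comment such as `// TLS is enforced at the ingress; channel security intentionally not configured here`. The `configure` chain continues past the end of this hunk.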
@@ -46,6 +55,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public TokenProvider tokenProvider(@Value("${app.security.signing-key}") String signingKey,
@Value("${app.security.access-token-validity-seconds}") int accessTokenValiditySeconds) {
@@ -53,7 +63,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
}
@Bean
public JwtRequestFilter jwtRequestFilter() {
return new JwtRequestFilter(tokenProvider());
public JwtRequestFilter jwtRequestFilter(TokenProvider tokenProvider) {
return new JwtRequestFilter(tokenProvider);
}
}


@@ -13,7 +13,7 @@ import java.util.function.Function;
public class TokenProvider {
private static final String AUTHORITIES_KEY = "scopes";
public static final String AUTHORITIES_KEY = "scopes";
private final String signingKey;
private final int accessTokenValiditySeconds;