Http security fix, moved http security to resource server configurati…

…on in order to make it working correctly.
anirbandas18 · Jun 27, 2019 · 42494e3 · 42494e3
1 parent 2edf8f8
commit 42494e3
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 24 deletions.
diff --git a/src/main/java/net/reliqs/gleeometer/security/ResourceServerConfiguration.java b/src/main/java/net/reliqs/gleeometer/security/ResourceServerConfiguration.java
@@ -1,17 +1,43 @@
 package net.reliqs.gleeometer.security;
 
+import net.reliqs.gleeometer.errors.CustomAccessDeniedHandler;
+import net.reliqs.gleeometer.errors.CustomAuthenticationEntryPoint;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
 
 @Configuration
 @EnableResourceServer
 public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
+    private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
+
+    public ResourceServerConfiguration(CustomAuthenticationEntryPoint customAuthenticationEntryPoint) {
+        this.customAuthenticationEntryPoint = customAuthenticationEntryPoint;
+    }
 
     @Override
     public void configure(ResourceServerSecurityConfigurer resources) {
         resources.resourceId("api");
     }
 
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .antMatcher("/api/**")
+                .authorizeRequests()
+                .antMatchers("/api/signin**").permitAll()
+                .antMatchers("/api/signin/**").permitAll()
+                .antMatchers("/api/glee**").hasAnyAuthority("ADMIN", "USER")
+                .antMatchers("/api/users**").hasAuthority("ADMIN")
+                .antMatchers("/api/**").authenticated()
+                .anyRequest().authenticated()
+                .and()
+                .exceptionHandling().authenticationEntryPoint(customAuthenticationEntryPoint).accessDeniedHandler(new CustomAccessDeniedHandler());
+    }
+
 }
diff --git a/src/main/java/net/reliqs/gleeometer/security/ServerSecurityConfig.java b/src/main/java/net/reliqs/gleeometer/security/ServerSecurityConfig.java
@@ -1,35 +1,29 @@
 package net.reliqs.gleeometer.security;
 
-import net.reliqs.gleeometer.errors.CustomAccessDeniedHandler;
 import net.reliqs.gleeometer.errors.CustomAuthenticationEntryPoint;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 
 @Configuration
-@Order(1)
+//@Order(1)
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
 public class ServerSecurityConfig extends WebSecurityConfigurerAdapter {
 
-    private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
 
     private final UserDetailsService userDetailsService;
 
     public ServerSecurityConfig(CustomAuthenticationEntryPoint customAuthenticationEntryPoint, @Qualifier("userService")
             UserDetailsService userDetailsService) {
-        this.customAuthenticationEntryPoint = customAuthenticationEntryPoint;
         this.userDetailsService = userDetailsService;
     }
 
@@ -52,21 +46,4 @@ public AuthenticationManager authenticationManagerBean() throws Exception {
         return super.authenticationManagerBean();
     }
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and()
-                .antMatcher("/api/**")
-                .authorizeRequests()
-                .antMatchers("/api/signin/**").permitAll()
-                .antMatchers("/api/glee/**").hasAnyAuthority("ADMIN", "USER")
-                .antMatchers("/api/users/**").hasAuthority("ADMIN")
-                .antMatchers("/api/**").authenticated()
-                .anyRequest().authenticated()
-                .and()
-                .csrf().disable()
-                .exceptionHandling().authenticationEntryPoint(customAuthenticationEntryPoint).accessDeniedHandler(new CustomAccessDeniedHandler());
-    }
-
 }