commit
68f567c7cd
|
@ -25,9 +25,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/","/login").permitAll()
|
||||
.anyRequest().hasRole("USER")
|
||||
http
|
||||
.anonymous().disable()
|
||||
.csrf().disable()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/home.html","/post","/postSchedule","/posts").hasRole("USER")
|
||||
.and()
|
||||
.httpBasic().authenticationEntryPoint(oauth2AuthenticationEntryPoint());
|
||||
|
||||
|
|
|
@ -12,8 +12,8 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
|
|||
|
||||
@Override
|
||||
protected WebApplicationContext createServletApplicationContext() {
|
||||
AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
|
||||
context.register(PersistenceJPAConfig.class, WebConfig.class);
|
||||
final AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
|
||||
context.register(PersistenceJPAConfig.class, WebConfig.class, SecurityConfig.class);
|
||||
return context;
|
||||
}
|
||||
|
||||
|
@ -32,12 +32,13 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
|
|||
super.onStartup(servletContext);
|
||||
|
||||
servletContext.addListener(new SessionListener());
|
||||
|
||||
registerProxyFilter(servletContext, "oauth2ClientContextFilter");
|
||||
registerProxyFilter(servletContext, "springSecurityFilterChain");
|
||||
|
||||
}
|
||||
|
||||
private void registerProxyFilter(ServletContext servletContext, String name) {
|
||||
DelegatingFilterProxy filter = new DelegatingFilterProxy(name);
|
||||
final DelegatingFilterProxy filter = new DelegatingFilterProxy(name);
|
||||
filter.setContextAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher");
|
||||
servletContext.addFilter(name, filter).addMappingForUrlPatterns(null, false, "/*");
|
||||
}
|
||||
|
|
|
@ -161,7 +161,7 @@ public class RedditController {
|
|||
// === private
|
||||
|
||||
private User getCurrentUser() {
|
||||
return userReopsitory.findByAccessToken(redditRestTemplate.getAccessToken().getValue());
|
||||
return (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
|
||||
}
|
||||
|
||||
private final MultiValueMap<String, String> constructParams(final Map<String, String> formParams) {
|
||||
|
|
Loading…
Reference in New Issue