Merge pull request #165 from Doha2012/master

security modification
Eugen 2015-03-17 18:25:47 +02:00
commit 68f567c7cd
3 changed files with 11 additions and 8 deletions


@ -25,9 +25,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.authorizeRequests()
.antMatchers("/","/login").permitAll()
.anyRequest().hasRole("USER")
http
.anonymous().disable()
.csrf().disable()
.authorizeRequests()
.antMatchers("/home.html","/post","/postSchedule","/posts").hasRole("USER")
.and()
.httpBasic().authenticationEntryPoint(oauth2AuthenticationEntryPoint());
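Review bot: The rewritten chain drops `.anyRequest().hasRole("USER")`, so authorization goes from deny-by-default to a list of four protected paths; any mapping not named in `antMatchers(...)`, including ones added later, is reachable without authentication. I would keep a catch-all after the explicit matchers, e.g. `.anyRequest().authenticated()`, and list the public pages with `permitAll()` instead. `.csrf().disable()` is also added without explanation while `/post` and `/postSchedule` look like state-changing endpoints; if a session carries the login, either leave CSRF protection on or add a comment such as `// CSRF disabled because <reason>` so the trade-off can be reviewed. The end of `configure` is outside the hunk.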


@ -12,8 +12,8 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
@Override
protected WebApplicationContext createServletApplicationContext() {
AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
context.register(PersistenceJPAConfig.class, WebConfig.class);
final AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
context.register(PersistenceJPAConfig.class, WebConfig.class, SecurityConfig.class);
return context;
}
@ -32,12 +32,13 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
super.onStartup(servletContext);
servletContext.addListener(new SessionListener());
registerProxyFilter(servletContext, "oauth2ClientContextFilter");
registerProxyFilter(servletContext, "springSecurityFilterChain");
}
private void registerProxyFilter(ServletContext servletContext, String name) {
DelegatingFilterProxy filter = new DelegatingFilterProxy(name);
final DelegatingFilterProxy filter = new DelegatingFilterProxy(name);
filter.setContextAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher");
servletContext.addFilter(name, filter).addMappingForUrlPatterns(null, false, "/*");
}
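Review bot: `registerProxyFilter` now also installs `springSecurityFilterChain`, but it maps with `addMappingForUrlPatterns(null, false, "/*")`, and a null dispatcher set means only `DispatcherType.REQUEST` dispatches are filtered. Error and async dispatches would then skip the security chain if the application uses them, which is not visible here. Consider passing `EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.ASYNC)` for the security filter, and adding a short comment on why `oauth2ClientContextFilter` has to be registered ahead of it. The start of `onStartup` is outside the hunk.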


@ -161,7 +161,7 @@ public class RedditController {
// === private
private User getCurrentUser() {
return userReopsitory.findByAccessToken(redditRestTemplate.getAccessToken().getValue());
return (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
}
private final MultiValueMap<String, String> constructParams(final Map<String, String> formParams) {
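Review bot: The new `getCurrentUser()` dereferences `getAuthentication()` and casts the principal to `User` with no check. SecurityConfig in this same commit disables anonymous authentication and guards only four paths, so a controller mapping outside that list that reaches this helper would presumably find no `Authentication` in the context and fail with a NullPointerException, and a principal of any other type would fail with a ClassCastException. A guard such as `final Authentication auth = SecurityContextHolder.getContext().getAuthentication();` followed by `if (auth == null || !(auth.getPrincipal() instanceof User)) { throw new AuthenticationCredentialsNotFoundException("no authenticated user"); }` would turn that into an explicit authentication failure. `constructParams` continues outside the hunk.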