Merge pull request #165 from Doha2012/master

security modification
2015-03-17 18:25:47 +02:00 · 2015-03-17 18:25:47 +02:00 · 68f567c7cd
parent 7208be123d c3d3e7c690
commit 68f567c7cd
3 changed files with 11 additions and 8 deletions
--- a/spring-security-oauth/src/main/java/org/baeldung/config/SecurityConfig.java
+++ b/spring-security-oauth/src/main/java/org/baeldung/config/SecurityConfig.java
@ -25,9 +25,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
-            http.authorizeRequests()
-                .antMatchers("/","/login").permitAll()
-                .anyRequest().hasRole("USER")
+            http
+                .anonymous().disable()
+                .csrf().disable()
+                .authorizeRequests()
+                .antMatchers("/home.html","/post","/postSchedule","/posts").hasRole("USER")
                .and()
                .httpBasic().authenticationEntryPoint(oauth2AuthenticationEntryPoint());

--- a/spring-security-oauth/src/main/java/org/baeldung/config/ServletInitializer.java
+++ b/spring-security-oauth/src/main/java/org/baeldung/config/ServletInitializer.java
@ -12,8 +12,8 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {

    @Override
    protected WebApplicationContext createServletApplicationContext() {
-        AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
-        context.register(PersistenceJPAConfig.class, WebConfig.class);
+        final AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
+        context.register(PersistenceJPAConfig.class, WebConfig.class, SecurityConfig.class);
        return context;
    }

@ -32,12 +32,13 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
        super.onStartup(servletContext);

        servletContext.addListener(new SessionListener());
-
        registerProxyFilter(servletContext, "oauth2ClientContextFilter");
+        registerProxyFilter(servletContext, "springSecurityFilterChain");
+
    }

    private void registerProxyFilter(ServletContext servletContext, String name) {
-        DelegatingFilterProxy filter = new DelegatingFilterProxy(name);
+        final DelegatingFilterProxy filter = new DelegatingFilterProxy(name);
        filter.setContextAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher");
        servletContext.addFilter(name, filter).addMappingForUrlPatterns(null, false, "/*");
    }
--- a/spring-security-oauth/src/main/java/org/baeldung/web/RedditController.java
+++ b/spring-security-oauth/src/main/java/org/baeldung/web/RedditController.java
@ -161,7 +161,7 @@ public class RedditController {
    // === private

    private User getCurrentUser() {
-        return userReopsitory.findByAccessToken(redditRestTemplate.getAccessToken().getValue());
+        return (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    }

    private final MultiValueMap<String, String> constructParams(final Map<String, String> formParams) {