diff --git a/spring-security-oauth/src/main/java/org/baeldung/config/SecurityConfig.java b/spring-security-oauth/src/main/java/org/baeldung/config/SecurityConfig.java
index 9eaa8097b4..d120a2d775 100644
--- a/spring-security-oauth/src/main/java/org/baeldung/config/SecurityConfig.java
+++ b/spring-security-oauth/src/main/java/org/baeldung/config/SecurityConfig.java
@@ -25,9 +25,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 // @formatter:off
- http.authorizeRequests()
- .antMatchers("/","/login").permitAll()
- .anyRequest().hasRole("USER")
+ http
+ .anonymous().disable()
+ .csrf().disable()
+ .authorizeRequests()
+ .antMatchers("/home.html","/post","/postSchedule","/posts").hasRole("USER")
 .and()
 .httpBasic().authenticationEntryPoint(oauth2AuthenticationEntryPoint());
diff --git a/spring-security-oauth/src/main/java/org/baeldung/config/ServletInitializer.java b/spring-security-oauth/src/main/java/org/baeldung/config/ServletInitializer.java
index 96f1ab48a1..d81e2bb613 100644
--- a/spring-security-oauth/src/main/java/org/baeldung/config/ServletInitializer.java
+++ b/spring-security-oauth/src/main/java/org/baeldung/config/ServletInitializer.java
@@ -12,8 +12,8 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
 @Override
 protected WebApplicationContext createServletApplicationContext() {
- AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
- context.register(PersistenceJPAConfig.class, WebConfig.class);
+ final AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
+ context.register(PersistenceJPAConfig.class, WebConfig.class, SecurityConfig.class);
 return context;
 }
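Review bot: The new matcher list in `configure` fails open: with `.anyRequest().hasRole("USER")` gone, only `/home.html`, `/post`, `/postSchedule` and `/posts` carry an access rule, so every other mapping, and any handler added later, is served without a login. These ant patterns are literal paths, so a variant that Spring MVC still routes to the same handler (a trailing slash or a suffix) may fall outside the rule as well. Keeping the explicit list is fine, but the chain should end with a catch-all such as `.anyRequest().authenticated()`, with the public pages permitted explicitly before it. Separately, `.csrf().disable()` is applied while `/post` and `/postSchedule` look like state-changing endpoints; if the login is carried by a session cookie, CSRF protection should stay on, or a comment should state why it is safe to turn off. The rest of `configure` lies outside the hunk.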
@@ -32,12 +32,13 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
 super.onStartup(servletContext);
 servletContext.addListener(new SessionListener());
- registerProxyFilter(servletContext, "oauth2ClientContextFilter");
+ registerProxyFilter(servletContext, "springSecurityFilterChain");
+
 }
 private void registerProxyFilter(ServletContext servletContext, String name) {
- DelegatingFilterProxy filter = new DelegatingFilterProxy(name);
+ final DelegatingFilterProxy filter = new DelegatingFilterProxy(name);
 filter.setContextAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher");
 servletContext.addFilter(name, filter).addMappingForUrlPatterns(null, false, "/*");
 }
diff --git a/spring-security-oauth/src/main/java/org/baeldung/web/RedditController.java b/spring-security-oauth/src/main/java/org/baeldung/web/RedditController.java
index 3906c2a1ae..549fa2a5b8 100644
--- a/spring-security-oauth/src/main/java/org/baeldung/web/RedditController.java
+++ b/spring-security-oauth/src/main/java/org/baeldung/web/RedditController.java
@@ -161,7 +161,7 @@ public class RedditController {
 // === private
 private User getCurrentUser() {
- return userReopsitory.findByAccessToken(redditRestTemplate.getAccessToken().getValue());
+ return (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
 }
 private final MultiValueMap constructParams(final Map formParams) {
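Review bot: `registerProxyFilter` now installs the whole security chain, but its mapping call `addMappingForUrlPatterns(null, false, "/*")` passes `null` dispatcher types, which the Servlet API treats as REQUEST only, so error and async dispatches would run without `springSecurityFilterChain`. Passing `EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.ASYNC)` covers the dispatches that Spring's own security initializer registers by default. It is also worth confirming that `oauth2ClientContextFilter`, which is no longer registered here, is added inside the security chain; nothing in the visible hunks shows that. `onStartup` begins outside the hunk.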
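Review bot: `getCurrentUser()` dereferences and casts without a check: `getAuthentication()` can be null when a request reaches the controller unauthenticated (this commit disables anonymous authentication and secures only four paths), and nothing visible guarantees the principal is the application's `User` type. A guard turns a `NullPointerException` or `ClassCastException` into an access-denied outcome: read `final Authentication auth = SecurityContextHolder.getContext().getAuthentication();` and then `if (auth == null || !(auth.getPrincipal() instanceof User)) throw new AccessDeniedException("no authenticated user");` before the cast. The principal is presumably the object stored at login, so it may lag behind the database row that the replaced repository lookup returned; a short comment on that trade-off would help the next reader.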