security modification

DOHA 2015-03-17 18:15:02 +02:00
parent 67a7df4487
commit c3d3e7c690
3 changed files with 11 additions and 8 deletions


@ -25,9 +25,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
// @formatter:off // @formatter:off
http.authorizeRequests() http
.antMatchers("/","/login").permitAll() .anonymous().disable()
.anyRequest().hasRole("USER") .csrf().disable()
.authorizeRequests()
.antMatchers("/home.html","/post","/postSchedule","/posts").hasRole("USER")
.and() .and()
.httpBasic().authenticationEntryPoint(oauth2AuthenticationEntryPoint()); .httpBasic().authenticationEntryPoint(oauth2AuthenticationEntryPoint());
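Review bot: Replacing `.anyRequest().hasRole("USER")` with a fixed list of four paths turns the policy from deny-by-default into allow-by-default, so any handler whose URL is not in the `antMatchers(...)` list, including ones added later, is reachable without a role check. Consider ending the rule set with the catch-all again, `.anyRequest().hasRole("USER")`, after explicit `permitAll()` entries for the public pages; if `.anonymous().disable()` is what made that combination fail, keeping anonymous authentication enabled is probably the smaller change. `.csrf().disable()` is also global: if `/post` and `/postSchedule` accept state-changing requests from a session-authenticated browser (the names suggest so, but the handlers are not visible here), they lose the token check, so that line should either be dropped or carry a comment explaining why CSRF is not a concern. The closing lines of `configure` are outside the hunk.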


@ -12,8 +12,8 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
@Override @Override
protected WebApplicationContext createServletApplicationContext() { protected WebApplicationContext createServletApplicationContext() {
AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext(); final AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
context.register(PersistenceJPAConfig.class, WebConfig.class); context.register(PersistenceJPAConfig.class, WebConfig.class, SecurityConfig.class);
return context; return context;
} }
@ -32,12 +32,13 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
super.onStartup(servletContext); super.onStartup(servletContext);
servletContext.addListener(new SessionListener()); servletContext.addListener(new SessionListener());
registerProxyFilter(servletContext, "oauth2ClientContextFilter"); registerProxyFilter(servletContext, "oauth2ClientContextFilter");
registerProxyFilter(servletContext, "springSecurityFilterChain");
} }
private void registerProxyFilter(ServletContext servletContext, String name) { private void registerProxyFilter(ServletContext servletContext, String name) {
DelegatingFilterProxy filter = new DelegatingFilterProxy(name); final DelegatingFilterProxy filter = new DelegatingFilterProxy(name);
filter.setContextAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher"); filter.setContextAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher");
servletContext.addFilter(name, filter).addMappingForUrlPatterns(null, false, "/*"); servletContext.addFilter(name, filter).addMappingForUrlPatterns(null, false, "/*");
} }
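Review bot: `springSecurityFilterChain` is registered through `registerProxyFilter`, which passes `null` as the dispatcher types to `addMappingForUrlPatterns`, and in the Servlet API that means the mapping covers `DispatcherType.REQUEST` only. ERROR and ASYNC dispatches would therefore not pass through the security chain, whereas Spring's own `AbstractSecurityWebApplicationInitializer` maps REQUEST, ERROR and ASYNC by default. For this filter consider `EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.ASYNC)` instead of `null`, or add a comment on the helper stating that REQUEST-only is intended. `onStartup` begins outside the hunk, so anything registered before `super.onStartup(servletContext)` is not visible here.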


@ -161,7 +161,7 @@ public class RedditController {
// === private // === private
private User getCurrentUser() { private User getCurrentUser() {
return userReopsitory.findByAccessToken(redditRestTemplate.getAccessToken().getValue()); return (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
} }
private final MultiValueMap<String, String> constructParams(final Map<String, String> formParams) { private final MultiValueMap<String, String> constructParams(final Map<String, String> formParams) {
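Review bot: `getCurrentUser()` now dereferences `getAuthentication()` and casts the principal to `User` with no check. Because the SecurityConfig change in this commit disables anonymous authentication, an unauthenticated request reaching a handler outside the `hasRole("USER")` matchers has no `Authentication` at all and would fail here with a NullPointerException, and a principal of another type would fail with a ClassCastException; both surface as a 500 rather than an access-denied response. A guard such as `final Authentication auth = SecurityContextHolder.getContext().getAuthentication();` followed by `if (auth == null || !(auth.getPrincipal() instanceof User)) { throw new AccessDeniedException("no authenticated user"); }` makes the failure explicit. The returned `User` is also whatever object was stored at login rather than a fresh repository read, which is worth a one-line comment if callers rely on current database state. The callers of this method are outside the hunk.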