From 0db3bea4ef42db0f98c7c5b240fccd253f3e958c Mon Sep 17 00:00:00 2001 From: Fabio Formosa Date: Sat, 25 Apr 2020 12:27:37 +0200 Subject: [PATCH] #6 wrapped httpsecurity --- .../configuration/WebSecurityConfigJWT.java | 8 +-- .../impl/QuartzManagerHttpSecurity.java | 63 ++++++++++++------- .../controllers/AuthenticationController.java | 2 +- 3 files changed, 44 insertions(+), 29 deletions(-) diff --git a/quartz-manager-api/src/main/java/it/fabioformosa/quartzmanager/configuration/WebSecurityConfigJWT.java b/quartz-manager-api/src/main/java/it/fabioformosa/quartzmanager/configuration/WebSecurityConfigJWT.java index 79e11ba..1c4c0a6 100644 --- a/quartz-manager-api/src/main/java/it/fabioformosa/quartzmanager/configuration/WebSecurityConfigJWT.java +++ b/quartz-manager-api/src/main/java/it/fabioformosa/quartzmanager/configuration/WebSecurityConfigJWT.java @@ -1,5 +1,6 @@ package it.fabioformosa.quartzmanager.configuration; +import it.fabioformosa.quartzmanager.configuration.helpers.impl.QuartzManagerHttpSecurity; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; @@ -42,7 +43,7 @@ public class WebSecurityConfigJWT extends WebSecurityConfigurerAdapter { private static final String[] PATTERNS_SWAGGER_UI = {"/swagger-ui.html", "/v2/api-docs", "/swagger-resources/**", "/webjars/**"}; - @Value("${quartz-manager.security.jwt.cookie}") + @Value("${quartz-manager.security.jwt.cookie-strategy.cookie}") private String TOKEN_COOKIE; // @Autowired @@ -81,9 +82,8 @@ public class WebSecurityConfigJWT extends WebSecurityConfigurerAdapter { .addFilterBefore(jwtAuthenticationTokenFilter(), BasicAuthenticationFilter.class) // .authorizeRequests().anyRequest().authenticated(); - loginConfig.login(http, authenticationManager()).logout().logoutRequestMatcher(new AntPathRequestMatcher("/api/logout")) - .logoutSuccessHandler(logoutSuccess).deleteCookies(TOKEN_COOKIE); - + QuartzManagerHttpSecurity.from(http).login(authenticationManager()).logout().logoutRequestMatcher(new AntPathRequestMatcher("/api/logout")) + .logoutSuccessHandler(logoutSuccess).deleteCookies(TOKEN_COOKIE); } @Override diff --git a/quartz-manager-api/src/main/java/it/fabioformosa/quartzmanager/configuration/helpers/impl/QuartzManagerHttpSecurity.java b/quartz-manager-api/src/main/java/it/fabioformosa/quartzmanager/configuration/helpers/impl/QuartzManagerHttpSecurity.java index a587a61..065868d 100644 --- a/quartz-manager-api/src/main/java/it/fabioformosa/quartzmanager/configuration/helpers/impl/QuartzManagerHttpSecurity.java +++ b/quartz-manager-api/src/main/java/it/fabioformosa/quartzmanager/configuration/helpers/impl/QuartzManagerHttpSecurity.java @@ -1,24 +1,39 @@ -package it.fabioformosa.quartzmanager.configuration.helpers.impl; - -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; - -public class QuartzManagerHttpSecurity { - - static QuartzManagerHttpSecurity from(HttpSecurity httpSecurity) { - QuartzManagerHttpSecurity newInstance = new QuartzManagerHttpSecurity(); - newInstance.httpSecurity = httpSecurity; - return newInstance; - } - - private HttpSecurity httpSecurity; - - QuartzManagerHttpSecurity login(AuthenticationManager authenticationManager){ - return this; - } - - QuartzManagerHttpSecurity logout(){ - return this; - } - -} +package it.fabioformosa.quartzmanager.configuration.helpers.impl; + +import it.fabioformosa.quartzmanager.configuration.helpers.LoginConfig; +import org.springframework.context.ApplicationContext; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.annotation.SecurityConfigurerAdapter; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer; +import org.springframework.security.web.DefaultSecurityFilterChain; + +public class QuartzManagerHttpSecurity extends SecurityConfigurerAdapter { + + private ApplicationContext applicationContext; + private HttpSecurity httpSecurity; + + private final LoginConfig loginConfig; + + public static QuartzManagerHttpSecurity from(HttpSecurity httpSecurity){ + QuartzManagerHttpSecurity newInstance = new QuartzManagerHttpSecurity(httpSecurity); + newInstance.setBuilder(httpSecurity); + return newInstance; + } + + public QuartzManagerHttpSecurity(HttpSecurity httpSecurity) { + this.httpSecurity = httpSecurity; + this.applicationContext = httpSecurity.getSharedObject(ApplicationContext.class); + this.loginConfig = this.applicationContext.getBean(LoginConfig.class); + } + + public QuartzManagerHttpSecurity login(AuthenticationManager authenticationManager) throws Exception { + httpSecurity = loginConfig.login(httpSecurity, authenticationManager); + return this; + } + + + public LogoutConfigurer logout() throws Exception { + return httpSecurity.logout(); + } +} diff --git a/quartz-manager-api/src/main/java/it/fabioformosa/quartzmanager/controllers/AuthenticationController.java b/quartz-manager-api/src/main/java/it/fabioformosa/quartzmanager/controllers/AuthenticationController.java index 74f25d8..fec4e8a 100644 --- a/quartz-manager-api/src/main/java/it/fabioformosa/quartzmanager/controllers/AuthenticationController.java +++ b/quartz-manager-api/src/main/java/it/fabioformosa/quartzmanager/controllers/AuthenticationController.java @@ -44,7 +44,7 @@ public class AuthenticationController { @Value("${quartz-manager.security.jwt.expiration-in-sec}") private int EXPIRES_IN_SEC; - @Value("${quartz-manager.security.jwt.cookie}") + @Value("${quartz-manager.security.jwt.cookie-strategy-cookie}") private String TOKEN_COOKIE; @RequestMapping(value = "/changePassword", method = RequestMethod.POST)