added simultaneous token-based and http basic authentication

java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/AuthConfiguration.java

@@ -2,6 +2,7 @@ package net.chrisrichardson.eventstore.javaexamples.banking.commonauth;
 
 import net.chrisrichardson.eventstore.javaexamples.banking.common.customers.QuerySideCustomer;
 import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.filter.StatelessAuthenticationFilter;
+import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.model.User;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
@@ -14,10 +15,8 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.token.KeyBasedPersistenceTokenService;
 import org.springframework.security.core.token.TokenService;
-import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@@ -54,8 +53,7 @@ public class AuthConfiguration extends WebSecurityConfigurerAdapter {
         return email -> {
             QuerySideCustomer customer = customerAuthService.findByEmail(email);
             if (customer != null) {
-                return new User(email, "", true, true, true, true,
-                        AuthorityUtils.createAuthorityList("USER"));
+                return new User(email);
             } else {
                 throw new UsernameNotFoundException(String.format("could not find the customer '%s'", email));
             }

java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/TokenAuthenticationService.java

@@ -21,7 +21,7 @@ public class TokenAuthenticationService {
     @Autowired
     private TokenService tokenService;
 
-    private static final String AUTH_HEADER_NAME = "x-access-token";
+    private static final String AUTH_HEADER_NAME = "access-token";
     private static final long DAY = 1000 * 60 * 60 * 24;
 
     private ObjectMapper mapper = new ObjectMapper();

java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/filter/StatelessAuthenticationFilter.java

@@ -24,7 +24,7 @@ public class StatelessAuthenticationFilter extends GenericFilterBean {
 
     @Override
     public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
-        if (!SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
+        if (SecurityContextHolder.getContext().getAuthentication()==null) {
             SecurityContextHolder.getContext().setAuthentication(
                     tokenAuthenticationService.getAuthentication((HttpServletRequest) req));
         }