Revision 59340
Added by Konstantinos Triantafyllou over 3 years ago
| modules/uoa-authorization-library/trunk/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilter.java | ||
|---|---|---|
| 37 | 37 |
HttpServletRequest request = (HttpServletRequest) req; |
| 38 | 38 |
String token = utils.getToken(request); |
| 39 | 39 |
if (token != null) {
|
| 40 |
System.out.println(token); |
|
| 40 | 41 |
Authentication auth = authorizationProvider.getAuthentication(token); |
| 41 | 42 |
SecurityContextHolder.getContext().setAuthentication(auth); |
| 42 |
} else {
|
|
| 43 |
HttpServletResponse response = (HttpServletResponse) res; |
|
| 44 |
response.sendError(HttpStatus.UNAUTHORIZED.value(), "No token has been found"); |
|
| 45 |
return; |
|
| 46 | 43 |
} |
| 47 | 44 |
filterChain.doFilter(req, res); |
| 48 | 45 |
} |
| modules/uoa-authorization-library/trunk/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilterConfigurer.java | ||
|---|---|---|
| 6 | 6 |
import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
| 7 | 7 |
import org.springframework.security.web.DefaultSecurityFilterChain; |
| 8 | 8 |
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
| 9 |
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; |
|
| 10 | 9 |
|
| 11 | 10 |
public class AuthorizationFilterConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
|
| 12 | 11 |
|
| ... | ... | |
| 27 | 26 |
@Override |
| 28 | 27 |
public void configure(HttpSecurity http) throws Exception {
|
| 29 | 28 |
AuthorizationFilter customFilter = new AuthorizationFilter(authorizationProvider, utils); |
| 30 |
http.addFilterBefore(customFilter, BasicAuthenticationFilter.class);
|
|
| 29 |
http.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
|
|
| 31 | 30 |
} |
| 32 | 31 |
|
| 33 | 32 |
} |
| modules/uoa-authorization-library/trunk/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/WebSecurityConfig.java | ||
|---|---|---|
| 9 | 9 |
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; |
| 10 | 10 |
import org.springframework.security.config.http.SessionCreationPolicy; |
| 11 | 11 |
|
| 12 |
@EnableGlobalMethodSecurity(securedEnabled = true) |
|
| 12 |
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
|
|
| 13 | 13 |
@EnableWebSecurity |
| 14 | 14 |
@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.*"})
|
| 15 | 15 |
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
| modules/uoa-authorization-library/trunk/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java | ||
|---|---|---|
| 20 | 20 |
public void addCorsMappings(CorsRegistry registry) {
|
| 21 | 21 |
registry.addMapping("/**")
|
| 22 | 22 |
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
|
| 23 |
.allowedOrigins(securityConfig.getOriginServer()) |
|
| 24 | 23 |
.allowCredentials(true); |
| 25 | 24 |
} |
| 26 | 25 |
} |
Also available in: Unified diff
Fix some issues. Remove origins temporaly