Revision 59340
Added by Konstantinos Triantafyllou over 3 years ago
modules/uoa-authorization-library/trunk/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilter.java | ||
---|---|---|
37 | 37 |
HttpServletRequest request = (HttpServletRequest) req; |
38 | 38 |
String token = utils.getToken(request); |
39 | 39 |
if (token != null) { |
40 |
System.out.println(token); |
|
40 | 41 |
Authentication auth = authorizationProvider.getAuthentication(token); |
41 | 42 |
SecurityContextHolder.getContext().setAuthentication(auth); |
42 |
} else { |
|
43 |
HttpServletResponse response = (HttpServletResponse) res; |
|
44 |
response.sendError(HttpStatus.UNAUTHORIZED.value(), "No token has been found"); |
|
45 |
return; |
|
46 | 43 |
} |
47 | 44 |
filterChain.doFilter(req, res); |
48 | 45 |
} |
modules/uoa-authorization-library/trunk/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilterConfigurer.java | ||
---|---|---|
6 | 6 |
import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
7 | 7 |
import org.springframework.security.web.DefaultSecurityFilterChain; |
8 | 8 |
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
9 |
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; |
|
10 | 9 |
|
11 | 10 |
public class AuthorizationFilterConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> { |
12 | 11 |
|
... | ... | |
27 | 26 |
@Override |
28 | 27 |
public void configure(HttpSecurity http) throws Exception { |
29 | 28 |
AuthorizationFilter customFilter = new AuthorizationFilter(authorizationProvider, utils); |
30 |
http.addFilterBefore(customFilter, BasicAuthenticationFilter.class);
|
|
29 |
http.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
|
|
31 | 30 |
} |
32 | 31 |
|
33 | 32 |
} |
modules/uoa-authorization-library/trunk/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/WebSecurityConfig.java | ||
---|---|---|
9 | 9 |
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; |
10 | 10 |
import org.springframework.security.config.http.SessionCreationPolicy; |
11 | 11 |
|
12 |
@EnableGlobalMethodSecurity(securedEnabled = true) |
|
12 |
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
|
|
13 | 13 |
@EnableWebSecurity |
14 | 14 |
@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.*"}) |
15 | 15 |
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { |
modules/uoa-authorization-library/trunk/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java | ||
---|---|---|
20 | 20 |
public void addCorsMappings(CorsRegistry registry) { |
21 | 21 |
registry.addMapping("/**") |
22 | 22 |
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS") |
23 |
.allowedOrigins(securityConfig.getOriginServer()) |
|
24 | 23 |
.allowCredentials(true); |
25 | 24 |
} |
26 | 25 |
} |
Also available in: Unified diff
Fix some issues. Remove origins temporaly