fix messages

5 years ago · fa03edf32d
parent 4e1d99392a
commit fa03edf32d
1 changed files with 5 additions and 79 deletions
--- a/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
+++ b/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
@ -29,6 +29,7 @@ import org.springframework.security.web.authentication.AuthenticationFailureHand
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import ru.ulstu.core.model.AuthFailureHandler;
+import ru.ulstu.core.navigation.Page;
 import ru.ulstu.user.model.UserRoleConstants;
 import ru.ulstu.user.service.UserService;

@ -76,8 +77,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
-        http.csrf()
-                .disable();
+        http.csrf().disable();
        if (applicationProperties.isDevMode()) {
            log.debug("Security disabled");
            http.authorizeRequests()
@ -92,6 +92,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                    .permitAll()
                    .anyRequest()
                    .authenticated()
+                    .antMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
                    .and()
                    .formLogin()
                    .loginPage("/login.xhtml")
@ -108,12 +109,12 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                    .tokenEndpoint()
                    .accessTokenResponseClient(accessTokenResponseClient())
                    .and()
-                    .defaultSuccessUrl("/index.xhtml")
+                    .defaultSuccessUrl(Page.INDEX)
                    .failureUrl("/loginFailure")
                    .and()
                    .logout()
                    .logoutSuccessHandler(logoutSuccessHandler)
-                    .logoutSuccessUrl(Constants.LOGOUT_URL)
+                    .logoutSuccessUrl(Page.LOGOUT)
                    .invalidateHttpSession(true)
                    .clearAuthentication(true)
                    .deleteCookies(Constants.COOKIES_NAME)
@ -191,79 +192,4 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
            throw new BeanInitializationException("Security configuration failed", e);
        }
    }
-
-   /* @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.csrf()
-                .disable();
-        if (applicationProperties.isDevMode()) {
-            log.debug("Security disabled");
-            http.authorizeRequests()
-                    .anyRequest()
-                    .permitAll();
-            http.anonymous()
-                    .principal("admin")
-                    .authorities(UserRoleConstants.ADMIN);
-        } else {
-            log.debug("Security enabled");
-            http.authorizeRequests()
-                    .antMatchers(UserController.ACTIVATE_URL).permitAll()
-                    .antMatchers(Constants.PASSWORD_RESET_REQUEST_PAGE).permitAll()
-                    .antMatchers(Constants.PASSWORD_RESET_PAGE).permitAll()
-                    .antMatchers("/users/block").permitAll()
-                    .antMatchers(UserController.URL + UserController.REGISTER_URL).permitAll()
-                    .antMatchers(UserController.URL + UserController.ACTIVATE_URL).permitAll()
-                    .antMatchers(UserController.URL + UserController.PASSWORD_RESET_REQUEST_URL).permitAll()
-                    .antMatchers(UserController.URL + UserController.PASSWORD_RESET_URL).permitAll()
-                    .antMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
-                    .anyRequest().authenticated()
-                    .and()
-                    .formLogin()
-                    .loginPage("/login.xhtml")
-                    .successHandler(authenticationSuccessHandler)
-                    .failureHandler(authenticationFailureHandler)
-                    .permitAll()
-                    .and()
-                    .logout()
-                    .logoutSuccessHandler(logoutSuccessHandler)
-                    .logoutSuccessUrl(Constants.LOGOUT_URL)
-                    .invalidateHttpSession(false)
-                    .clearAuthentication(true)
-                    .deleteCookies(Constants.COOKIES_NAME)
-                    .permitAll();
-        }
-        if (applicationProperties.isUseHttps()) {
-            http.portMapper()
-                    .http(httpPort)
-                    .mapsTo(httpsPort)
-                    .and()
-                    .requiresChannel()
-                    .anyRequest()
-                    .requiresSecure();
-        }
-
-    }
-
-    @Override
-    public void configure(WebSecurity web) {
-        web.ignoring()
-                .antMatchers("/css/**")
-                .antMatchers("/javax.faces.resource/**")
-                .antMatchers("/js/**")
-                .antMatchers("/templates/**")
-                .antMatchers("/webjars/**")
-                .antMatchers("/img/**");
-    }
-
-    @Autowired
-    public void configureGlobal(AuthenticationManagerBuilder auth) {
-        if (applicationProperties.isDevMode()) {
-            return;
-        }
-        try {
-            auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder);
-        } catch (Exception e) {
-            throw new BeanInitializationException("Security configuration failed", e);
-        }
-    }*/
 }