fix messages
This commit is contained in:
Anton Romanov
parent
4e1d99392a
commit
fa03edf32d
@ -29,6 +29,7 @@ import org.springframework.security.web.authentication.AuthenticationFailureHand
|
|||||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||||
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
||||||
import ru.ulstu.core.model.AuthFailureHandler;
|
import ru.ulstu.core.model.AuthFailureHandler;
|
||||||
|
import ru.ulstu.core.navigation.Page;
|
||||||
import ru.ulstu.user.model.UserRoleConstants;
|
import ru.ulstu.user.model.UserRoleConstants;
|
||||||
import ru.ulstu.user.service.UserService;
|
import ru.ulstu.user.service.UserService;
|
||||||
|
|
||||||
@ -76,8 +77,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
http.csrf()
|
http.csrf().disable();
|
||||||
.disable();
|
|
||||||
if (applicationProperties.isDevMode()) {
|
if (applicationProperties.isDevMode()) {
|
||||||
log.debug("Security disabled");
|
log.debug("Security disabled");
|
||||||
http.authorizeRequests()
|
http.authorizeRequests()
|
||||||
@ -92,6 +92,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
.permitAll()
|
.permitAll()
|
||||||
.anyRequest()
|
.anyRequest()
|
||||||
.authenticated()
|
.authenticated()
|
||||||
|
.antMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
|
||||||
.and()
|
.and()
|
||||||
.formLogin()
|
.formLogin()
|
||||||
.loginPage("/login.xhtml")
|
.loginPage("/login.xhtml")
|
||||||
@ -108,12 +109,12 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
.tokenEndpoint()
|
.tokenEndpoint()
|
||||||
.accessTokenResponseClient(accessTokenResponseClient())
|
.accessTokenResponseClient(accessTokenResponseClient())
|
||||||
.and()
|
.and()
|
||||||
.defaultSuccessUrl("/index.xhtml")
|
.defaultSuccessUrl(Page.INDEX)
|
||||||
.failureUrl("/loginFailure")
|
.failureUrl("/loginFailure")
|
||||||
.and()
|
.and()
|
||||||
.logout()
|
.logout()
|
||||||
.logoutSuccessHandler(logoutSuccessHandler)
|
.logoutSuccessHandler(logoutSuccessHandler)
|
||||||
.logoutSuccessUrl(Constants.LOGOUT_URL)
|
.logoutSuccessUrl(Page.LOGOUT)
|
||||||
.invalidateHttpSession(true)
|
.invalidateHttpSession(true)
|
||||||
.clearAuthentication(true)
|
.clearAuthentication(true)
|
||||||
.deleteCookies(Constants.COOKIES_NAME)
|
.deleteCookies(Constants.COOKIES_NAME)
|
||||||
@ -191,79 +192,4 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
throw new BeanInitializationException("Security configuration failed", e);
|
throw new BeanInitializationException("Security configuration failed", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* @Override
|
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
|
||||||
http.csrf()
|
|
||||||
.disable();
|
|
||||||
if (applicationProperties.isDevMode()) {
|
|
||||||
log.debug("Security disabled");
|
|
||||||
http.authorizeRequests()
|
|
||||||
.anyRequest()
|
|
||||||
.permitAll();
|
|
||||||
http.anonymous()
|
|
||||||
.principal("admin")
|
|
||||||
.authorities(UserRoleConstants.ADMIN);
|
|
||||||
} else {
|
|
||||||
log.debug("Security enabled");
|
|
||||||
http.authorizeRequests()
|
|
||||||
.antMatchers(UserController.ACTIVATE_URL).permitAll()
|
|
||||||
.antMatchers(Constants.PASSWORD_RESET_REQUEST_PAGE).permitAll()
|
|
||||||
.antMatchers(Constants.PASSWORD_RESET_PAGE).permitAll()
|
|
||||||
.antMatchers("/users/block").permitAll()
|
|
||||||
.antMatchers(UserController.URL + UserController.REGISTER_URL).permitAll()
|
|
||||||
.antMatchers(UserController.URL + UserController.ACTIVATE_URL).permitAll()
|
|
||||||
.antMatchers(UserController.URL + UserController.PASSWORD_RESET_REQUEST_URL).permitAll()
|
|
||||||
.antMatchers(UserController.URL + UserController.PASSWORD_RESET_URL).permitAll()
|
|
||||||
.antMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
|
|
||||||
.anyRequest().authenticated()
|
|
||||||
.and()
|
|
||||||
.formLogin()
|
|
||||||
.loginPage("/login.xhtml")
|
|
||||||
.successHandler(authenticationSuccessHandler)
|
|
||||||
.failureHandler(authenticationFailureHandler)
|
|
||||||
.permitAll()
|
|
||||||
.and()
|
|
||||||
.logout()
|
|
||||||
.logoutSuccessHandler(logoutSuccessHandler)
|
|
||||||
.logoutSuccessUrl(Constants.LOGOUT_URL)
|
|
||||||
.invalidateHttpSession(false)
|
|
||||||
.clearAuthentication(true)
|
|
||||||
.deleteCookies(Constants.COOKIES_NAME)
|
|
||||||
.permitAll();
|
|
||||||
}
|
|
||||||
if (applicationProperties.isUseHttps()) {
|
|
||||||
http.portMapper()
|
|
||||||
.http(httpPort)
|
|
||||||
.mapsTo(httpsPort)
|
|
||||||
.and()
|
|
||||||
.requiresChannel()
|
|
||||||
.anyRequest()
|
|
||||||
.requiresSecure();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void configure(WebSecurity web) {
|
|
||||||
web.ignoring()
|
|
||||||
.antMatchers("/css/**")
|
|
||||||
.antMatchers("/javax.faces.resource/**")
|
|
||||||
.antMatchers("/js/**")
|
|
||||||
.antMatchers("/templates/**")
|
|
||||||
.antMatchers("/webjars/**")
|
|
||||||
.antMatchers("/img/**");
|
|
||||||
}
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
public void configureGlobal(AuthenticationManagerBuilder auth) {
|
|
||||||
if (applicationProperties.isDevMode()) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
try {
|
|
||||||
auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder);
|
|
||||||
} catch (Exception e) {
|
|
||||||
throw new BeanInitializationException("Security configuration failed", e);
|
|
||||||
}
|
|
||||||
}*/
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user