From 2db7769965dc0364b452a55fa3f3d6ba474692f3 Mon Sep 17 00:00:00 2001
From: "k.triantafyllou" <k.triantafyllou@di.uoa.gr>
Date: Fri, 4 Sep 2020 11:33:39 +0000
Subject: [PATCH] Fix some issues. Remove origins temporaly

---
 .../security/AuthorizationFilter.java                        | 5 +----
 .../security/AuthorizationFilterConfigurer.java              | 3 +--
 .../dnetlib/uoaauthorizationlibrary/security/CorsConfig.java | 1 -
 .../uoaauthorizationlibrary/security/WebSecurityConfig.java  | 2 +-
 4 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilter.java b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilter.java
index dc14d08..1a4b3e4 100644
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilter.java
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilter.java
@@ -37,12 +37,9 @@ public class AuthorizationFilter implements Filter {
         HttpServletRequest request = (HttpServletRequest) req;
         String token = utils.getToken(request);
         if (token != null) {
+            System.out.println(token);
             Authentication auth = authorizationProvider.getAuthentication(token);
             SecurityContextHolder.getContext().setAuthentication(auth);
-        } else {
-            HttpServletResponse response = (HttpServletResponse) res;
-            response.sendError(HttpStatus.UNAUTHORIZED.value(), "No token has been found");
-            return;
         }
         filterChain.doFilter(req, res);
     }
diff --git a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilterConfigurer.java b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilterConfigurer.java
index bd67a84..8444122 100644
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilterConfigurer.java
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilterConfigurer.java
@@ -6,7 +6,6 @@ import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
 public class AuthorizationFilterConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
 
@@ -27,7 +26,7 @@ public class AuthorizationFilterConfigurer extends SecurityConfigurerAdapter<Def
     @Override
     public void configure(HttpSecurity http) throws Exception {
         AuthorizationFilter customFilter = new AuthorizationFilter(authorizationProvider, utils);
-        http.addFilterBefore(customFilter, BasicAuthenticationFilter.class);
+        http.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
     }
 
 }
diff --git a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java
index deee65a..2291af2 100644
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java
@@ -20,7 +20,6 @@ public class CorsConfig extends WebMvcConfigurerAdapter {
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
                 .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
-                .allowedOrigins(securityConfig.getOriginServer())
                 .allowCredentials(true);
     }
 }
diff --git a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/WebSecurityConfig.java b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/WebSecurityConfig.java
index 878d7dc..0eb602e 100644
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/WebSecurityConfig.java
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/WebSecurityConfig.java
@@ -9,7 +9,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 
-@EnableGlobalMethodSecurity(securedEnabled = true)
+@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 @EnableWebSecurity
 @ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.*"})
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {