Fix some issues. Remove origins temporaly

2020-09-04 11:33:39 +00:00 · 2020-09-04 11:33:39 +00:00 · 2db7769965
parent 6013bae4c5
commit 2db7769965
4 changed files with 3 additions and 8 deletions
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilter.java
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilter.java
@ -37,12 +37,9 @@ public class AuthorizationFilter implements Filter {
        HttpServletRequest request = (HttpServletRequest) req;
        String token = utils.getToken(request);
        if (token != null) {
            System.out.println(token);
            Authentication auth = authorizationProvider.getAuthentication(token);
            SecurityContextHolder.getContext().setAuthentication(auth);
        } else {
            HttpServletResponse response = (HttpServletResponse) res;
            response.sendError(HttpStatus.UNAUTHORIZED.value(), "No token has been found");
            return;
        }
        filterChain.doFilter(req, res);
    }
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilterConfigurer.java
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilterConfigurer.java
@ -6,7 +6,6 @@ import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 public class AuthorizationFilterConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
@ -27,7 +26,7 @@ public class AuthorizationFilterConfigurer extends SecurityConfigurerAdapter<Def
    @Override
    public void configure(HttpSecurity http) throws Exception {
        AuthorizationFilter customFilter = new AuthorizationFilter(authorizationProvider, utils);
-        http.addFilterBefore(customFilter, BasicAuthenticationFilter.class);
+        http.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
    }
 }
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java
@ -20,7 +20,6 @@ public class CorsConfig extends WebMvcConfigurerAdapter {
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
                .allowedOrigins(securityConfig.getOriginServer())
                .allowCredentials(true);
    }
 }
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/WebSecurityConfig.java
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/WebSecurityConfig.java
@ -9,7 +9,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-@EnableGlobalMethodSecurity(securedEnabled = true)
+@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@EnableWebSecurity
@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.*"})
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {