Merge branch 'master' of gitlab.eudat.eu:dmp/OpenAIRE-EUDAT-DMP-service-pilot

2017-10-17 10:38:16 +03:00 · 2017-10-17 10:38:16 +03:00 · b551221222
parent 7a11d3bb58 2cae022c23
commit b551221222
3 changed files with 8 additions and 5 deletions
--- a/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java
+++ b/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java
@ -32,8 +32,13 @@ public class CustomAuthenticationProvider implements AuthenticationProvider {
 	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		
+		System.out.println("AUTHENTICATION");
+		System.out.println(authentication);
+		
 		if (authentication != null) {
 			
+			System.out.println((String)authentication.getCredentials());
+			
 			String token = (String)authentication.getCredentials();
 			TokenValidator tokenValidator = null;
 			
@ -63,10 +68,6 @@ public class CustomAuthenticationProvider implements AuthenticationProvider {
 		}
 		else
 			throw new AuthenticationServiceException("Authentication failed");
-
-		
-//		//DELETE THIS, USE THE ABOVE
-//		return new UsernamePasswordAuthenticationToken("", "", new ArrayList<>());
 		
 		
 	}
--- a/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java
+++ b/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java
@ -45,7 +45,7 @@ public class TokenAuthenticationFilter extends GenericFilterBean {
 		httpResponse.setHeader("Access-Control-Allow-Origin", "*");
 		httpResponse.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
 		httpResponse.setHeader("Access-Control-Max-Age", "7200");
-		httpResponse.setHeader("Access-Control-Allow-Headers", "content-type, "+HEADER_NATIVE_TOKEN_FIELD+", "+HEADER_GOOGLE_TOKEN_FIELD);
+		httpResponse.setHeader("Access-Control-Allow-Headers", "content-type, X-CSRF-Token, "+HEADER_NATIVE_TOKEN_FIELD+", "+HEADER_GOOGLE_TOKEN_FIELD);
 //		httpResponse.addHeader("Access-Control-Expose-Headers", "xsrf-token , " +HEADER_NATIVE_TOKEN_FIELD+", "+HEADER_GOOGLE_TOKEN_FIELD);
 		
 		
--- a/dmp-backend/src/main/webapp/WEB-INF/spring-security.xml
+++ b/dmp-backend/src/main/webapp/WEB-INF/spring-security.xml
@ -20,6 +20,8 @@
 	
 		<!-- Default to Spring MVC's CORS configuration -->
 		<cors />
+		<!-- disable csrf checks -->
+		<csrf disabled="true"/>
 	
 		<custom-filter after="BASIC_AUTH_FILTER" ref="tokenAuthenticationFilter" />
 	     <intercept-url pattern="/**" access="isAuthenticated()" />