Remove unnecessary code in SecurityConfiguration and minor improvements

17cef531 · Julian Horner · 11841a60 · 17cef531 · 17cef531 · 17cef531
Commit 17cef531 authored 5 years ago by Julian Horner
--- a/src/main/java/de/rtuni/ms/apig/Application.java
+++ b/src/main/java/de/rtuni/ms/apig/Application.java
@@ -11,7 +11,7 @@ import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
 import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
 /**
- * Starts the api gateway as a zuul server.
+ * Class for starting an api gateway as a zuul server.
 * 
 * @author Julian
 *
@@ -23,11 +23,11 @@ public class Application {
    //---------------------------------------------------------------------------------------------
    /**
-     * Starts the application.
+     * Start the application.
     * 
     * @param args The arguments
     */
-    public static void main(final String[] args) { SpringApplication.run(Application.class, args); }
+    public static void main(String[] args) { SpringApplication.run(Application.class, args); }
    //---------------------------------------------------------------------------------------------
 }
--- a/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java
+++ b/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java
@@ -13,65 +13,59 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import de.rtuni.ms.apig.filter.JwtTokenAuthenticationFilter;
+import de.rtuni.ms.apig.filter.JWTAuthenticationFilter;
 /**
- * Class that enables custom security configuration.
+ * Class that handles several security configurations.
 * 
 * @author Julian
 */
 @EnableWebSecurity
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
-    //----------------------------------------------------------------------------------------------
+    //---------------------------------------------------------------------------------------------
-    /** The <code>JwtConfig</code> for the json web token. */
+    /** The <code>JwtConfiguration</code>. */
    @Autowired
-    private JwtConfig jwtConfig;
+    private JwtConfiguration jwtConfiguration;
-    //----------------------------------------------------------------------------------------------
+    //---------------------------------------------------------------------------------------------
    /**
-     * Overrides the default security configuration.
+     * Get a new <code>JwtConfiguration</code>.
+     * 
+     * @return The stated JWT configuration
+     */
+    @Bean
+    public JwtConfiguration jwtConfig() {
+        return new JwtConfiguration();
+    }
+    //---------------------------------------------------------------------------------------------
+    /**
+     * Configure custom security configurations.
+     * <p>
+     * {@inheritDoc}
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
-            // make sure we use stateless session; session won't be used to store user's state.
+            // Use stateless sessions.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
-            // Add a filter to validate the tokens with every request.
+            // Add filter to validate tokens with every request.
-            .addFilterAfter(new JwtTokenAuthenticationFilter(jwtConfig),
+            .addFilterAfter(new JWTAuthenticationFilter(jwtConfiguration),
                    UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
-            .antMatchers("/auth/**").permitAll()
+            // Permit only users with ADMIN role.
-            // Anyone who is trying to access the securedPage must be an ADMIN.
-            // TODO can we change the path to /securedPage?
            .antMatchers("/securedPage/**").hasRole("ADMIN")
-            // Permit default path. 
+            // Permit auth and login path for sending credentials. 
+            .antMatchers("/auth/**").permitAll()
            .antMatchers("/login").permitAll().and()
            // Configures where to forward if authentication is required.
-            .formLogin().loginPage("/login")
+            .formLogin().loginPage("/login");
-            // Configures url for processing of login data.
-            .loginProcessingUrl("process_login") // TODO can we remove this?
-            // Configures where to go if there is no previous visited page.
-            .defaultSuccessUrl("/", true).and()
-            // Configures url for processing of logout.
-            .logout().logoutUrl("/process_logout")
-            .deleteCookies("JSESSIONID"); // TODO i think we can remove this
-    }
-    //----------------------------------------------------------------------------------------------
-    /**
-     * Get a new <code>JwtConfig</code>.
-     * 
-     * @return The stated configuration
-     */
-    @Bean
-    public JwtConfig jwtConfig() {
-        return new JwtConfig();
    }
-    //----------------------------------------------------------------------------------------------
+    //---------------------------------------------------------------------------------------------
 }
--- a/src/main/java/de/rtuni/ms/apig/controller/LoginController.java
+++ b/src/main/java/de/rtuni/ms/apig/controller/LoginController.java
@@ -9,23 +9,24 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 /**
- * Class that handles all kind of requests.
+ * Login controller that handles all requests for the login path.
 * 
 * @author Julian
 */
 @Controller
 public class LoginController {
-    //----------------------------------------------------------------------------------------------
+    //---------------------------------------------------------------------------------------------
    /**
-     * Catch the request for the login page and returns the name of the corresponding template.
+     * Catch the request for the default login page and return the name of the corresponding
+     * template.
     * 
-     * @return The name of the template
+     * @return The name of the template to show
     */
    @RequestMapping("/login")
    public String login() {
        return "login";
    }
-    //----------------------------------------------------------------------------------------------
+    //---------------------------------------------------------------------------------------------
 }
\ No newline at end of file