From 17cef53178b60c80b6fb47987bb75076cb1b5232 Mon Sep 17 00:00:00 2001
From: Julian Horner <julianhorner@web.de>
Date: Thu, 2 Jan 2020 14:12:07 +0100
Subject: [PATCH] Remove unnecessary code in SecurityConfiguration and minor improvements
---
 .../java/de/rtuni/ms/apig/Application.java | 6 +-
 .../ms/apig/config/SecurityConfiguration.java | 64 +++++++++----------
 .../ms/apig/controller/LoginController.java | 11 ++--
 3 files changed, 38 insertions(+), 43 deletions(-)
diff --git a/src/main/java/de/rtuni/ms/apig/Application.java b/src/main/java/de/rtuni/ms/apig/Application.java
index 4a3073e..8f4d7b2 100644
--- a/src/main/java/de/rtuni/ms/apig/Application.java
+++ b/src/main/java/de/rtuni/ms/apig/Application.java
@@ -11,7 +11,7 @@ import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
 import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
 /**
- * Starts the api gateway as a zuul server.
+ * Class for starting an api gateway as a zuul server.
  *
  * @author Julian
  *
@@ -23,11 +23,11 @@ public class Application {
 //---------------------------------------------------------------------------------------------
 /**
- * Starts the application.
+ * Start the application.
  *
  * @param args The arguments
  */
- public static void main(final String[] args) { SpringApplication.run(Application.class, args); }
+ public static void main(String[] args) { SpringApplication.run(Application.class, args); }
 //---------------------------------------------------------------------------------------------
 }
diff --git a/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java b/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java
index e1b430e..de34e6a 100644
--- a/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java
+++ b/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java
@@ -13,65 +13,59 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import de.rtuni.ms.apig.filter.JwtTokenAuthenticationFilter;
+import de.rtuni.ms.apig.filter.JWTAuthenticationFilter;
 /**
- * Class that enables custom security configuration.
+ * Class that handles several security configurations.
  *
  * @author Julian
  */
 @EnableWebSecurity
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
- //----------------------------------------------------------------------------------------------
+ //---------------------------------------------------------------------------------------------
- /** The <code>JwtConfig</code> for the json web token. */
+ /** The <code>JwtConfiguration</code>. */
 @Autowired
- private JwtConfig jwtConfig;
+ private JwtConfiguration jwtConfiguration;
- //----------------------------------------------------------------------------------------------
+ //---------------------------------------------------------------------------------------------
 /**
- * Overrides the default security configuration.
+ * Get a new <code>JwtConfiguration</code>.
+ *
+ * @return The stated JWT configuration
+ */
+ @Bean
+ public JwtConfiguration jwtConfig() {
+ return new JwtConfiguration();
+ }
+
+ //---------------------------------------------------------------------------------------------
+
+ /**
+ * Configure custom security configurations.
+ * <p>
+ * {@inheritDoc}
 */
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 http.csrf().disable()
- // make sure we use stateless session; session won't be used to store user's state.
+ // Use stateless sessions.
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
- // Add a filter to validate the tokens with every request. 
- .addFilterAfter(new JwtTokenAuthenticationFilter(jwtConfig),
+ // Add filter to validate tokens with every request.
+ .addFilterAfter(new JWTAuthenticationFilter(jwtConfiguration),
 UsernamePasswordAuthenticationFilter.class)
 .authorizeRequests()
- .antMatchers("/auth/**").permitAll()
- // Anyone who is trying to access the securedPage must be an ADMIN.
- // TODO can we change the path to /securedPage?
+ // Permit only users with ADMIN role.
 .antMatchers("/securedPage/**").hasRole("ADMIN")
- // Permit default path.
+ // Permit auth and login path for sending credentials.
+ .antMatchers("/auth/**").permitAll()
 .antMatchers("/login").permitAll().and()
 // Configures where to forward if authentication is required.
- .formLogin().loginPage("/login")
- // Configures url for processing of login data.
- .loginProcessingUrl("process_login") // TODO can we remove this?
- // Configures where to go if there is no previous visited page.
- .defaultSuccessUrl("/", true).and()
- // Configures url for processing of logout.
- .logout().logoutUrl("/process_logout")
- .deleteCookies("JSESSIONID"); // TODO i think we can remove this
- }
-
- //----------------------------------------------------------------------------------------------
-
- /**
- * Get a new <code>JwtConfig</code>.
- *
- * @return The stated configuration
- */
- @Bean
- public JwtConfig jwtConfig() {
- return new JwtConfig();
+ .formLogin().loginPage("/login");
 }
- //----------------------------------------------------------------------------------------------
+ //---------------------------------------------------------------------------------------------
 }
diff --git a/src/main/java/de/rtuni/ms/apig/controller/LoginController.java b/src/main/java/de/rtuni/ms/apig/controller/LoginController.java
index f2a138b..8115540 100644
--- a/src/main/java/de/rtuni/ms/apig/controller/LoginController.java
+++ b/src/main/java/de/rtuni/ms/apig/controller/LoginController.java
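Review bot: The authorizeRequests() chain in configure() still ends without an `anyRequest()` rule, so on the new side only `/securedPage/**` is constrained and every other path the Zuul gateway proxies is subject to no access rule at all — unmatched requests pass through the JWT filter and are served whether or not a valid token is present. The chain should close with a default-deny: keep `.antMatchers("/login").permitAll()` and follow it with `.anyRequest().authenticated().and()` before `.formLogin().loginPage("/login")`, so any path added behind the gateway later is protected unless explicitly opened. The hunk also keeps `csrf().disable()` and `formLogin()` next to STATELESS sessions; that is only safe if the JWT travels in a header rather than a cookie, which is decided in JWTAuthenticationFilter outside this diff and is worth confirming. Removing the logout() block also means there is no longer any server-side way to end a login — a stateless token remains valid until expiry — which deserves a comment on the chain such as `// No logout endpoint: JWTs are stateless and stay valid until they expire.`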
@@ -9,23 +9,24 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 /**
- * Class that handles all kind of requests.
+ * Login controller that handles all requests for the login path.
  *
  * @author Julian
  */
 @Controller
 public class LoginController {
- //----------------------------------------------------------------------------------------------
+ //---------------------------------------------------------------------------------------------
 /**
- * Catch the request for the login page and returns the name of the corresponding template.
+ * Catch the request for the default login page and return the name of the corresponding
+ * template.
  *
- * @return The name of the template
+ * @return The name of the template to show
  */
 @RequestMapping("/login")
 public String login() { return "login"; }
- //----------------------------------------------------------------------------------------------
+ //---------------------------------------------------------------------------------------------
 }
\ No newline at end of file
-- 
GitLab