Minor improvements

453a053d · Julian Horner · 605a3e88 · 453a053d · 453a053d
Commit 453a053d authored Jan 7, 2020 by Julian Horner
--- a/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java
+++ b/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java
@@ -57,8 +57,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
        // Permit only users with ADMIN role.
        .antMatchers("/securedPage/**").hasRole("ADMIN")
        // Permit auth and login path for sending credentials. 
-        .antMatchers("/auth/**").permitAll()
+        .antMatchers("/auth/**", "/login").permitAll().and()
-        .antMatchers("/login").permitAll().and()
        // Configures where to forward if authentication is required.
        .formLogin().loginPage("/login");
    }

--- a/src/main/java/de/rtuni/ms/apig/filter/JWTAuthenticationFilter.java
+++ b/src/main/java/de/rtuni/ms/apig/filter/JWTAuthenticationFilter.java
@@ -56,7 +56,7 @@ public class JWTAuthenticationFilter extends OncePerRequestFilter {
            FilterChain chain) throws ServletException, IOException {
        // Gets the access_token parameter.
        String bearerToken = request.getParameter("access_token");
-        // Validate the header and check the prefix.
+        // Validate the token and check the prefix.
        if (bearerToken == null || !bearerToken.startsWith(jwtConfiguration.getPrefix())) {
            // If there's no token the user isn't authenticated and we execute the next filter. 
            chain.doFilter(request, response); // If not valid, go to the next filter.