- antMatchers("/api/v1/signup").permitAll().
- message=An Authentication object was not found in the SecurityContext, type=org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
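/**
 * Stateless, header-token security configuration for the REST API.
 *
 * <p>CSRF protection is switched off and no HTTP session is ever created because every
 * request is authenticated from the {@code X-Auth-*} headers by {@link AuthenticationFilter};
 * with no session cookie there is nothing for a cross-site request to ride on.
 *
 * <p>{@code /api/v1/signup} is open to everyone; every other request must carry a valid
 * credential. Anonymous authentication is deliberately left enabled: Spring Security
 * implements {@code permitAll()} by letting the anonymous filter put an anonymous token into
 * the {@link SecurityContextHolder}, so disabling it makes every unauthenticated call to a
 * permitAll URL fail with {@code AuthenticationCredentialsNotFoundException} ("An
 * Authentication object was not found in the SecurityContext"). {@code anyRequest().authenticated()}
 * still rejects the anonymous token, so nothing else is opened up.
 *
 * @param http the builder supplied by Spring Security
 * @throws Exception propagated from the builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.authorizeRequests()
        .antMatchers("/api/v1/signup").permitAll()
        .anyRequest().authenticated();
    // Runs ahead of Basic auth so the X-Auth-* headers are evaluated first; the filter
    // answers the login POST itself and does not continue the chain for it.
    http.addFilterBefore(new AuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class);
}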
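/**
 * Authenticates each request from the {@code X-Auth-*} headers.
 *
 * <p>A {@code POST} to {@code Constant.AUTHENTICATE_URL} is treated as a login: the
 * username/password headers are verified, the issued token is returned in the
 * {@code X-Auth-Token} response header and the chain is not continued. Any other request
 * carrying {@code X-Auth-Token} has the token verified and the resulting
 * {@link Authentication} placed in the {@link SecurityContextHolder} before the chain
 * continues; requests without a token continue unauthenticated and are left to the
 * authorization rules.
 *
 * <p>On failure the context is cleared so a half-populated {@link Authentication} never
 * reaches downstream filters. The client receives only a generic status: the concrete
 * reason (unknown user, bad password, bad token, ...) is kept in the server log rather
 * than echoed, so the response text cannot be used to tell valid usernames from invalid
 * ones.
 *
 * @param request  the incoming request, expected to be an {@link HttpServletRequest}
 * @param response the outgoing response, expected to be an {@link HttpServletResponse}
 * @param chain    the remaining filter chain
 * @throws IOException      if writing the error response fails
 * @throws ServletException propagated from downstream filters
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = asHttp(request);
    HttpServletResponse httpResponse = asHttp(response);
    String username = httpRequest.getHeader("X-Auth-Username");
    String password = httpRequest.getHeader("X-Auth-Password");
    String token = httpRequest.getHeader("X-Auth-Token");
    String resourcePath = new UrlPathHelper().getPathWithinApplication(httpRequest);
    try {
        if (postToAuthenticate(httpRequest, resourcePath)) {
            // Login request: answered here, the credentials are never forwarded downstream.
            processUsernamePasswordAuthentication(httpResponse, username, password);
            return;
        }
        if (token != null) {
            processTokenAuthentication(token);
        }
        chain.doFilter(request, response);
    } catch (InternalAuthenticationServiceException internalAuthenticationServiceException) {
        SecurityContextHolder.clearContext();
        logger.error("Internal authentication service exception", internalAuthenticationServiceException);
        httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    } catch (AuthenticationException authenticationException) {
        SecurityContextHolder.clearContext();
        // Detail stays server-side; the client only learns that authentication failed.
        logger.debug("Authentication failed", authenticationException);
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication failed");
    }
}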
/**
 * Narrows the generic servlet request to its HTTP form.
 * A non-HTTP request fails here with a {@code ClassCastException}.
 */
private HttpServletRequest asHttp(ServletRequest request) {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    return httpRequest;
}
/**
 * Narrows the generic servlet response to its HTTP form.
 * A non-HTTP response fails here with a {@code ClassCastException}.
 */
private HttpServletResponse asHttp(ServletResponse response) {
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    return httpResponse;
}
/**
 * Tells whether this request is a login attempt: a {@code POST} whose path within the
 * application equals {@code Constant.AUTHENTICATE_URL}. The path comparison is
 * case-insensitive, so differently-cased spellings of the URL also trigger the login flow.
 *
 * @param httpRequest  the current request
 * @param resourcePath the request path relative to the application
 * @return {@code true} for a login POST, {@code false} for every other request
 */
private boolean postToAuthenticate(HttpServletRequest httpRequest, String resourcePath) {
    if (!Constant.AUTHENTICATE_URL.equalsIgnoreCase(resourcePath)) {
        return false;
    }
    return httpRequest.getMethod().equals("POST");
}
/**
 * Handles the login POST: verifies the header credentials, stores the result in the
 * security context and answers {@code 200} with the issued token in the
 * {@code X-Auth-Token} response header. The body is left empty.
 *
 * @param httpResponse the response to write the status and headers to
 * @param username     value of the {@code X-Auth-Username} header, may be {@code null}
 * @param password     value of the {@code X-Auth-Password} header, may be {@code null}
 * @throws IOException declared for callers; {@code setStatus}/{@code addHeader} do not throw it
 */
private void processUsernamePasswordAuthentication(HttpServletResponse httpResponse,String username, String password) throws IOException {
    Authentication authenticated = tryToAuthenticateWithUsernameAndPassword(username, password);
    SecurityContextHolder.getContext().setAuthentication(authenticated);
    httpResponse.setStatus(HttpServletResponse.SC_OK);
    httpResponse.addHeader("Content-Type", "application/json");
    // NOTE(review): assumes the provider stores the issued token in details and that
    // details is non-null — confirm against the AuthenticationProvider implementation.
    String issuedToken = authenticated.getDetails().toString();
    httpResponse.addHeader("X-Auth-Token", issuedToken);
}
/**
 * Wraps the header credentials in a {@link UsernamePasswordAuthenticationToken} and
 * runs it through the authentication manager.
 *
 * @return the authenticated token returned by the manager
 */
private Authentication tryToAuthenticateWithUsernameAndPassword(String username,String password) {
    return tryToAuthenticate(new UsernamePasswordAuthenticationToken(username, password));
}
/**
 * Verifies an {@code X-Auth-Token} value and installs the resulting
 * {@link Authentication} in the security context for the rest of the request.
 *
 * @param token the raw header value; never {@code null} when called from {@code doFilter}
 */
private void processTokenAuthentication(String token) {
    SecurityContextHolder.getContext().setAuthentication(tryToAuthenticateWithToken(token));
}
/**
 * Wraps a bearer-style token in a {@link PreAuthenticatedAuthenticationToken} (the token is
 * the principal, the credentials slot is {@code null}) and runs it through the
 * authentication manager.
 *
 * @return the authenticated token returned by the manager
 */
private Authentication tryToAuthenticateWithToken(String token) {
    return tryToAuthenticate(new PreAuthenticatedAuthenticationToken(token, null));
}
/**
 * Runs a request token through the authentication manager and accepts only a non-null,
 * fully authenticated result.
 *
 * @param requestAuthentication the unauthenticated request token
 * @return the authenticated token
 * @throws InternalAuthenticationServiceException if the manager returns {@code null} or an
 *         unauthenticated token instead of throwing; {@code doFilter} maps this to HTTP 500,
 *         whereas provider-thrown {@code AuthenticationException}s map to 401
 */
private Authentication tryToAuthenticate(Authentication requestAuthentication) {
    Authentication result = authenticationManager.authenticate(requestAuthentication);
    boolean accepted = result != null && result.isAuthenticated();
    if (accepted) {
        logger.debug("User successfully authenticated");
        return result;
    }
    throw new InternalAuthenticationServiceException("Unable to authenticate Domain User for provided credentials");
}
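/**
 * REST endpoint for self-service registration.
 *
 * <p>{@code POST api/v1/signup} is reachable without credentials (the security
 * configuration marks it {@code permitAll()}), so the request body is untrusted input.
 * Nothing in this class validates the {@link User} fields.
 * NOTE(review): confirm {@code UserService.saveUser} validates them, or add bean validation
 * on the parameter.
 */
@RestController
public class UserController {
    @Autowired
    UserService userService;

    /**
     * Registers a new user.
     *
     * @param user the registration payload, bound from the JSON request body
     * @return a fixed confirmation message
     */
    @RequestMapping(value = "api/v1/signup", method = RequestMethod.POST)
    public String saveUser(@RequestBody User user) {
        userService.saveUser(user);
        // Typo fixed in the confirmation text ("registerted").
        return "User registered successfully";
    }
}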
/**
 * Excludes the signup URL from the security filter chain altogether.
 *
 * <p>Unlike {@code permitAll()}, {@code web.ignoring()} means no security filter runs for
 * the path at all: no authentication, no {@link SecurityContextHolder} population and none
 * of the other protections configured on {@code HttpSecurity}. Use it only for a public
 * endpoint that needs nothing from the security layer.
 *
 * @param web the builder supplied by Spring Security
 * @throws Exception propagated from the builder API
 */
@Override
public void configure(WebSecurity web) throws Exception {
    String signupPath = "/api/v1/signup";
    web.ignoring().antMatchers(signupPath);
}
- <http pattern="/resources/**" security="none"/>
- web.ignoring().antMatchers("/resources/**");
- <intercept-url pattern="/resources/**" filters="none"/>
- <intercept-url pattern="/login*" filters="none" />
/**
 * Form-login security configuration for the web UI.
 *
 * <p>Only {@code /web/admin/**} is restricted; every other URL is public. The users are
 * defined in memory with fixed credentials.
 */
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Access rules plus login, logout and CSRF settings.
     *
     * <p>NOTE(review): GUEST is granted the admin area alongside ADMIN — confirm this is
     * intended. CSRF checks are skipped for {@code /contact-email}; that endpoint must not
     * perform a state change on behalf of a logged-in user.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception propagated from the builder API
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/web/admin/**").hasAnyRole(ADMIN.toString(), GUEST.toString())
            .anyRequest().permitAll();
        http.formLogin().loginPage("/web/login").permitAll();
        http.csrf().ignoringAntMatchers("/contact-email");
        http.logout().logoutUrl("/web/logout").logoutSuccessUrl("/web/").permitAll();
    }

    /**
     * In-memory accounts used by the form login.
     *
     * <p>NOTE(review): the passwords are hard-coded in source and stored in clear text;
     * move to an external user store with a {@code PasswordEncoder} before this
     * configuration leaves a development setup.
     *
     * @param auth the builder supplied by Spring Security
     * @throws Exception propagated from the builder API
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("admin").password("admin").roles(ADMIN.toString())
            .and()
            .withUser("guest").password("guest").roles(GUEST.toString());
    }
}
- .csrf().ignoringAntMatchers("/contact-email")
- http
- .authorizeRequests()
- .antMatchers("/api/v1/signup/**").permitAll()
- .anyRequest().authenticated()