diff --git a/server/src/main/java/com/usatiuk/tjv/y/server/security/User.java b/server/src/main/java/com/usatiuk/tjv/y/server/security/User.java
deleted file mode 100644
index d63d8f0..0000000
--- a/server/src/main/java/com/usatiuk/tjv/y/server/security/User.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.usatiuk.tjv.y.server.security;
-
-import org.springframework.security.core.GrantedAuthority;
-
-import java.util.Collection;
-
-public class User extends org.springframework.security.core.userdetails.User {
-
- public User(String uuid, String hash,
- Collection authorities) {
- super(uuid, hash, authorities);
- }
-}
\ No newline at end of file
diff --git a/server/src/main/java/com/usatiuk/tjv/y/server/security/UserDetailsService.java b/server/src/main/java/com/usatiuk/tjv/y/server/security/UserDetailsService.java
index 10b5528..e0ae7a7 100644
--- a/server/src/main/java/com/usatiuk/tjv/y/server/security/UserDetailsService.java
+++ b/server/src/main/java/com/usatiuk/tjv/y/server/security/UserDetailsService.java
@@ -3,6 +3,7 @@ package com.usatiuk.tjv.y.server.security;
 import com.usatiuk.tjv.y.server.entity.Person;
 import com.usatiuk.tjv.y.server.repository.PersonRepository;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
diff --git a/server/src/main/java/com/usatiuk/tjv/y/server/security/WebSecurityConfig.java b/server/src/main/java/com/usatiuk/tjv/y/server/security/WebSecurityConfig.java
index e6cc909..a3c4f60 100644
--- a/server/src/main/java/com/usatiuk/tjv/y/server/security/WebSecurityConfig.java
+++ b/server/src/main/java/com/usatiuk/tjv/y/server/security/WebSecurityConfig.java
@@ -1,14 +1,11 @@
 package com.usatiuk.tjv.y.server.security;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.usatiuk.tjv.y.server.dto.ErrorTo;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -24,10 +21,9 @@ import org.springframework.stereotype.Component;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.servlet.HandlerExceptionResolver;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
-import java.io.IOException;
-import java.io.OutputStream;
 import java.util.List;
 @Configuration
@@ -42,17 +38,16 @@ public class WebSecurityConfig {
 @Component
 class ErrorAuthenticationEntryPoint implements AuthenticationEntryPoint {
- @Override
- public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
- throws IOException {
- var err = new ErrorTo(List.of("Authentication failed"), HttpStatus.UNAUTHORIZED.value());
- response.setContentType(MediaType.APPLICATION_JSON_VALUE);
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- OutputStream responseStream = response.getOutputStream();
- ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(responseStream, err);
- responseStream.flush();
+ private final HandlerExceptionResolver resolver;
+
+ ErrorAuthenticationEntryPoint(@Qualifier("handlerExceptionResolver") HandlerExceptionResolver resolver) {
+ this.resolver = resolver;
+ }
+
+ @Override
+ public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) {
+ resolver.resolveException(request, response, null, authException);
 }
 }
@@ -62,12 +57,7 @@ public class WebSecurityConfig {
 return http.cors(Customizer.withDefaults())
 .csrf(AbstractHttpConfigurer::disable)
 .authorizeHttpRequests((authorize) -> authorize
- .requestMatchers(mvc.pattern(HttpMethod.GET, "/post/**")).permitAll()
- .requestMatchers(mvc.pattern(HttpMethod.GET, "/post*")).permitAll()
 .requestMatchers(mvc.pattern(HttpMethod.POST, "/person")).permitAll()
- .requestMatchers(mvc.pattern(HttpMethod.GET, "/person")).permitAll()
- .requestMatchers(mvc.pattern(HttpMethod.GET, "/person/by-username/*")).permitAll()
- .requestMatchers(mvc.pattern(HttpMethod.GET, "/person/by-uuid/*")).permitAll()
 .requestMatchers(mvc.pattern(HttpMethod.POST, "/token")).permitAll()
 .requestMatchers(mvc.pattern("/error")).permitAll()
 .anyRequest().hasAuthority(UserRoles.ROLE_USER.name()))
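Review bot: The new `commence` discards the `ModelAndView` returned by `resolver.resolveException(...)`; when no registered resolver handles an `AuthenticationException` that call returns null and leaves the response untouched, so an unauthenticated request is no longer guaranteed the 401 that the removed code set explicitly. No `@ExceptionHandler` for `AuthenticationException` is visible in this diff, so whether the delegated path always ends in a 401 cannot be confirmed here. I would keep a fallback: `if (resolver.resolveException(request, response, null, authException) == null) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); }`, which means restoring `throws IOException` on `commence` and the `java.io.IOException` import that the earlier hunk of this file drops. The constructor's `@Qualifier("handlerExceptionResolver")` also deserves a short comment saying why that particular bean is selected, since the choice is not obvious from the code.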
diff --git a/server/src/test/java/com/usatiuk/tjv/y/server/controller/PersonControllerTest.java b/server/src/test/java/com/usatiuk/tjv/y/server/controller/PersonControllerTest.java
index 81b8d6f..9b4f071 100644
--- a/server/src/test/java/com/usatiuk/tjv/y/server/controller/PersonControllerTest.java
+++ b/server/src/test/java/com/usatiuk/tjv/y/server/controller/PersonControllerTest.java
@@ -41,7 +41,7 @@ public class PersonControllerTest extends DemoDataDbTest {
 @Test
 void shouldGet() {
 var response = restTemplate.exchange(addr + "/person/by-username/" + person1.getUsername(),
- HttpMethod.GET, HttpEntity.EMPTY, PersonTo.class);
+ HttpMethod.GET, new HttpEntity<>(createAuthHeaders(person1Auth)), PersonTo.class);
 Assertions.assertNotNull(response);
 Assertions.assertEquals(HttpStatus.OK, response.getStatusCode());
diff --git a/server/src/test/java/com/usatiuk/tjv/y/server/controller/PostControllerTest.java b/server/src/test/java/com/usatiuk/tjv/y/server/controller/PostControllerTest.java
index cc71556..4f314ef 100644
--- a/server/src/test/java/com/usatiuk/tjv/y/server/controller/PostControllerTest.java
+++ b/server/src/test/java/com/usatiuk/tjv/y/server/controller/PostControllerTest.java
@@ -51,7 +51,7 @@ public class PostControllerTest extends DemoDataDbTest {
 @Test
 void shouldGetPost() {
 var response = restTemplate.exchange(addr + "/post/" + post1.getId(), HttpMethod.GET,
- HttpEntity.EMPTY, PostTo.class);
+ new HttpEntity<>(createAuthHeaders(person1Auth)), PostTo.class);
 Assertions.assertEquals(HttpStatus.OK, response.getStatusCode());
 var parsedResponse = response.getBody();
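Review bot: The `shouldGet` change only adds credentials to the happy path; nothing in this commit asserts that the same request without credentials is now refused, so the access tightening made in WebSecurityConfig (the removed `permitAll()` rules for `/person/by-username/*`, `/person/by-uuid/*`, `/post/**` and friends) has no regression test and a later reintroduction of `permitAll()` would pass unnoticed. The same gap applies to `shouldGetPost` below and `shouldGetByAuthor` in the next hunk. I would add one negative test per endpoint family next to the updated ones, keeping `HttpEntity.EMPTY` and expecting `HttpStatus.UNAUTHORIZED`; this assumes `restTemplate` does not throw on 4xx as a TestRestTemplate would not, which is not visible here. The body of `shouldGet` continues past the end of the hunk.
```java
    @Test
    void shouldRejectUnauthenticatedGet() {
        var response = restTemplate.exchange(addr + "/person/by-username/" + person1.getUsername(),
                HttpMethod.GET, HttpEntity.EMPTY, String.class);
        Assertions.assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());
    }
    // … unchanged: shouldGet and the remaining tests …
```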
@@ -64,7 +64,7 @@ public class PostControllerTest extends DemoDataDbTest {
 @Test
 void shouldGetByAuthor() {
 var response = restTemplate.exchange(addr + "/post/by-author-uuid/" + person1.getUuid(), HttpMethod.GET,
- HttpEntity.EMPTY, PostTo[].class);
+ new HttpEntity<>(createAuthHeaders(person1Auth)), PostTo[].class);
 Assertions.assertEquals(HttpStatus.OK, response.getStatusCode());
 var parsedResponse = response.getBody();