Merge pull request eugenp#165 from Doha2012/master

Eugen · Eugen · commit 68f567c7cdfc · 2015-03-17T18:25:47.000+02:00
security modification
diff --git a/spring-security-oauth/src/main/java/org/baeldung/config/SecurityConfig.java b/spring-security-oauth/src/main/java/org/baeldung/config/SecurityConfig.java
@@ -25,9 +25,11 @@ public void configure(WebSecurity web) throws Exception {
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         // @formatter:off
-            http.authorizeRequests()
-                .antMatchers("/","/login").permitAll()
-                .anyRequest().hasRole("USER")
+            http
+                .anonymous().disable()
+                .csrf().disable()
+                .authorizeRequests()
+                .antMatchers("/home.html","/post","/postSchedule","/posts").hasRole("USER")
                 .and()
                 .httpBasic().authenticationEntryPoint(oauth2AuthenticationEntryPoint());
 
diff --git a/spring-security-oauth/src/main/java/org/baeldung/config/ServletInitializer.java b/spring-security-oauth/src/main/java/org/baeldung/config/ServletInitializer.java
@@ -12,8 +12,8 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
 
     @Override
     protected WebApplicationContext createServletApplicationContext() {
-        AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
-        context.register(PersistenceJPAConfig.class, WebConfig.class);
+        final AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
+        context.register(PersistenceJPAConfig.class, WebConfig.class, SecurityConfig.class);
         return context;
     }
 
@@ -32,12 +32,13 @@ public void onStartup(ServletContext servletContext) throws ServletException {
         super.onStartup(servletContext);
 
         servletContext.addListener(new SessionListener());
-
         registerProxyFilter(servletContext, "oauth2ClientContextFilter");
+        registerProxyFilter(servletContext, "springSecurityFilterChain");
+
     }
 
     private void registerProxyFilter(ServletContext servletContext, String name) {
-        DelegatingFilterProxy filter = new DelegatingFilterProxy(name);
+        final DelegatingFilterProxy filter = new DelegatingFilterProxy(name);
         filter.setContextAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher");
         servletContext.addFilter(name, filter).addMappingForUrlPatterns(null, false, "/*");
     }
diff --git a/spring-security-oauth/src/main/java/org/baeldung/web/RedditController.java b/spring-security-oauth/src/main/java/org/baeldung/web/RedditController.java
@@ -161,7 +161,7 @@ public String updatePost(Model model, @PathVariable("id") final Long id, @Reques
     // === private
 
     private User getCurrentUser() {
-        return userReopsitory.findByAccessToken(redditRestTemplate.getAccessToken().getValue());
+        return (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
     }
 
     private final MultiValueMap<String, String> constructParams(final Map<String, String> formParams) {

Original file line number	Diff line number	Diff line change
`@@ -161,7 +161,7 @@ public String updatePost(Model model, @PathVariable("id") final Long id, @Reques`
`161`	`161`	`// === private`
`162`	`162`
`163`	`163`	`private User getCurrentUser() {`
`164`		`- return userReopsitory.findByAccessToken(redditRestTemplate.getAccessToken().getValue());`
	`164`	`+ return (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();`
`165`	`165`	`}`
`166`	`166`
`167`	`167`	`private final MultiValueMap<String, String> constructParams(final Map<String, String> formParams) {`