Merge branch 'master' into stage

DDH-RD · May 29, 2024 · 0edc349 · 0edc349
2 parents 5825697 + 3264266
commit 0edc349
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 16 deletions.
diff --git a/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthFilter.java b/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthFilter.java
@@ -22,16 +22,6 @@ public ApiKeyAuthFilter(String headerName, AuthenticationManager authenticationM
 
     this.headerName = headerName;
     setAuthenticationManager(authenticationManager);
-    setAuthenticationFailureHandler(
-        (request, response, exception) -> {
-          log.debug("Failed to authenticate API key", exception);
-          response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-        });
-    setAuthenticationSuccessHandler(
-        (request, response, authentication) -> {
-          log.debug("API key authenticated successfully");
-          response.setStatus(HttpServletResponse.SC_OK);
-        });
   }
 
   @Override

diff --git a/paladins-webservice/src/main/java/dev/luzifer/spring/config/WebSecurityConfig.java b/paladins-webservice/src/main/java/dev/luzifer/spring/config/WebSecurityConfig.java
@@ -37,15 +37,22 @@ public ApiKeyAuthFilter apiKeyAuthFilter(AuthenticationManager authenticationMan
   @Bean
   public SecurityFilterChain securityFilterChain(
       HttpSecurity http, AuthenticationManager authenticationManager) throws Exception {
-    http.csrf(AbstractHttpConfigurer::disable)
-        .addFilterBefore(
+    http.addFilterBefore(
             apiKeyAuthFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class)
+        .csrf(AbstractHttpConfigurer::disable)
+        .anonymous(AbstractHttpConfigurer::disable)
+        .formLogin(AbstractHttpConfigurer::disable)
+        .httpBasic(AbstractHttpConfigurer::disable)
+        .logout(AbstractHttpConfigurer::disable)
+        .oauth2Login(AbstractHttpConfigurer::disable)
+        .rememberMe(AbstractHttpConfigurer::disable)
+        .requestCache(AbstractHttpConfigurer::disable)
+        .servletApi(AbstractHttpConfigurer::disable)
+        .x509(AbstractHttpConfigurer::disable)
+        .cors(AbstractHttpConfigurer::disable)
         .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
         .sessionManagement(
-            session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-        .exceptionHandling(
-            exception ->
-                exception.authenticationEntryPoint((request, response, authException) -> {}));
+            session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 
     log.debug("API key: {}", apiKey);
     log.debug("API key header: {}", apiKeyHeader);