From f127b1c2f5fdbaab298c85748ef6938d3cb0cfd8 Mon Sep 17 00:00:00 2001
From: GodCipher
Date: Fri, 31 May 2024 23:16:25 +0200
Subject: [PATCH] anyone a spring boot master able to help?
---
 .../spring/config/ApiKeyAuthFilter.java | 7 +-
 .../spring/config/WebSecurityConfig.java | 78 +++++++++----------
 2 files changed, 41 insertions(+), 44 deletions(-)
diff --git a/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthFilter.java b/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthFilter.java
index b510f09..b2ec2ab 100644
--- a/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthFilter.java
+++ b/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthFilter.java
@@ -12,6 +12,7 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 @Slf4j
 public class ApiKeyAuthFilter extends AbstractAuthenticationProcessingFilter {
@@ -19,7 +20,7 @@ public class ApiKeyAuthFilter extends AbstractAuthenticationProcessingFilter {
 private final String headerName;
 public ApiKeyAuthFilter(String headerName, AuthenticationManager authenticationManager) {
- super("/*");
+ super(new AntPathRequestMatcher("/api/**"));
 this.headerName = headerName;
 setAuthenticationManager(authenticationManager);
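Review bot: The `/api/**` pattern in the constructor is now a second, hard-coded copy of the policy boundary: the filter only attempts API-key authentication under `/api/**`, while `WebSecurityConfig` in this same commit still demands `anyRequest().authenticated()` with anonymous access disabled. Requests outside `/api/**` therefore stay rejected (fail-closed), but presumably that also covers Spring Boot's `/error` dispatch and any non-API endpoint, which can no longer authenticate at all. Consider passing the matcher (or the path) in from the configuration so it is defined once, and add a comment such as `// must match the paths secured in WebSecurityConfig`. The constructor body continues past the end of this hunk.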
@@ -51,7 +52,9 @@ protected void successfulAuthentication(
 }
 @Override
- protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
+ protected void unsuccessfulAuthentication(
+ HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
+ throws IOException, ServletException {
 SecurityContextHolder.clearContext();
 super.unsuccessfulAuthentication(request, response, failed);
 }
diff --git a/paladins-webservice/src/main/java/dev/luzifer/spring/config/WebSecurityConfig.java b/paladins-webservice/src/main/java/dev/luzifer/spring/config/WebSecurityConfig.java
index af433be..1792263 100644
--- a/paladins-webservice/src/main/java/dev/luzifer/spring/config/WebSecurityConfig.java
+++ b/paladins-webservice/src/main/java/dev/luzifer/spring/config/WebSecurityConfig.java
@@ -1,16 +1,11 @@
 package dev.luzifer.spring.config;
-import jakarta.servlet.FilterChain;
-import jakarta.servlet.ServletException;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
+import jakarta.annotation.PostConstruct;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.Ordered;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
@@ -18,12 +13,9 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
-import org.springframework.web.filter.OncePerRequestFilter;
-
-import java.io.IOException;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 @Configuration
 @EnableWebSecurity
@@ -34,7 +26,7 @@ public class WebSecurityConfig {
 private final String apiKeyHeader;
 public WebSecurityConfig(
- @Value("${api.key}") String apiKey, @Value("${api.key.header}") String apiKeyHeader) {
+ @Value("${api.key}") String apiKey, @Value("${api.key.header}") String apiKeyHeader) {
 this.apiKey = apiKey;
 this.apiKeyHeader = apiKeyHeader;
 }
@@ -45,34 +37,18 @@ public ApiKeyAuthFilter apiKeyAuthFilter(AuthenticationManager authenticationMan
 }
 @Bean
- public FilterRegistrationBean apiKeyAuthFilterRegistrationBean(AuthenticationManager authenticationManager) {
- FilterRegistrationBean registrationBean = new FilterRegistrationBean<>();
-
- registrationBean.setFilter(new OncePerRequestFilter() {
- @Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
- if (SecurityContextHolder.getContext().getAuthentication() == null) {
- ApiKeyAuthFilter apiKeyAuthFilter = new ApiKeyAuthFilter(apiKeyHeader, authenticationManager);
- apiKeyAuthFilter.doFilter(request, response, filterChain);
- } else {
- filterChain.doFilter(request, response);
- }
- }
- });
-
- registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
-
- return registrationBean;
- }
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ AuthenticationManager authenticationManager =
+ http.getSharedObject(AuthenticationConfiguration.class).getAuthenticationManager();
- @Bean
- public SecurityFilterChain securityFilterChain(
- HttpSecurity http, AuthenticationManager authenticationManager) throws Exception {
 http.csrf(AbstractHttpConfigurer::disable)
- .formLogin(AbstractHttpConfigurer::disable)
- .anonymous(AbstractHttpConfigurer::disable)
- .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
- .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
+ .formLogin(AbstractHttpConfigurer::disable)
+ .anonymous(AbstractHttpConfigurer::disable)
+ .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
+ .sessionManagement(
+ session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .addFilterBefore(
+ apiKeyAuthFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class);
 log.debug("API key: {}", apiKey);
 log.debug("API key header: {}", apiKeyHeader);
@@ -82,7 +58,7 @@ public SecurityFilterChain securityFilterChain(
 @Bean
 public AuthenticationManager authenticationManager(
- AuthenticationConfiguration authenticationConfiguration) throws Exception {
+ AuthenticationConfiguration authenticationConfiguration) throws Exception {
 return authenticationConfiguration.getAuthenticationManager();
 }
@@ -93,8 +69,26 @@ public ApiKeyAuthenticationProvider apiKeyAuthenticationProvider() {
 @Autowired
 public void configureGlobal(
- AuthenticationManagerBuilder auth,
- ApiKeyAuthenticationProvider apiKeyAuthenticationProvider) {
+ AuthenticationManagerBuilder auth,
+ ApiKeyAuthenticationProvider apiKeyAuthenticationProvider) {
 auth.authenticationProvider(apiKeyAuthenticationProvider);
 }
-}
\ No newline at end of file
+
+ @Autowired private FilterChainProxy springSecurityFilterChain;
+
+ @PostConstruct
+ public void printSecurityFilters() {
+ log.debug("Security Filter Chain: ");
+ springSecurityFilterChain
+ .getFilterChains()
+ .forEach(
+ chain -> {
+ chain
+ .getFilters()
+ .forEach(
+ filter -> {
+ log.debug("Filter: " + filter.getClass().getName());
+ });
+ });
+ }
+}
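Review bot: `log.debug("API key: {}", apiKey);` at the end of `securityFilterChain` writes the shared secret into the application log; the commit leaves it in place, and it should be dropped or reduced to a non-secret fact, e.g. `log.debug("API key configured: {}", apiKey != null && !apiKey.isBlank());`. Separately, `http.getSharedObject(AuthenticationConfiguration.class)` in the added lines looks likely to return null, since nothing visible here registers that type as a shared object, which would fail at startup with a NullPointerException; the previous signature that took `AuthenticationManager` as a bean-method parameter avoids the lookup. If `apiKeyAuthFilter(...)` is itself a `@Bean` (its annotation is outside the hunk), Spring Boot will presumably also register it as a plain servlet filter outside the security chain, so a `FilterRegistrationBean` with `setEnabled(false)` would be needed to keep it from running twice. The method's `return` lies outside this hunk.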
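Review bot: The field `@Autowired private FilterChainProxy springSecurityFilterChain;` injects the assembled filter-chain proxy into the same `@Configuration` class that declares the `SecurityFilterChain` bean it is built from, which looks like a circular bean dependency and may stop the context from starting. If the goal is only to see the filter order, move `printSecurityFilters` into a separate component that runs after startup, or rely on Spring Security's own startup logging of the chain, rather than keeping a diagnostic hook inside the security configuration. Within the loop, use the parameterized form `log.debug("Filter: {}", filter.getClass().getName());` to match the other log calls in this file.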