diff --git a/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthFilter.java b/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthFilter.java
index 710c3fb..b510f09 100644
--- a/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthFilter.java
+++ b/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthFilter.java
@@ -49,4 +49,10 @@ protected void successfulAuthentication(
 SecurityContextHolder.getContext().setAuthentication(authResult);
 chain.doFilter(request, response);
 }
+
+ @Override
+ protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
+ SecurityContextHolder.clearContext();
+ super.unsuccessfulAuthentication(request, response, failed);
+ }
 }
diff --git a/paladins-webservice/src/main/java/dev/luzifer/spring/config/WebSecurityConfig.java b/paladins-webservice/src/main/java/dev/luzifer/spring/config/WebSecurityConfig.java
index 5b8065d..f99bba8 100644
--- a/paladins-webservice/src/main/java/dev/luzifer/spring/config/WebSecurityConfig.java
+++ b/paladins-webservice/src/main/java/dev/luzifer/spring/config/WebSecurityConfig.java
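Review bot: The new `unsuccessfulAuthentication` override in ApiKeyAuthFilter appears to add nothing. If the class extends Spring Security's `AbstractAuthenticationProcessingFilter` (the class header is outside the hunk), the inherited method already clears the security context before it calls the failure handler, so the explicit `SecurityContextHolder.clearContext();` is a duplicate. Either drop the override, or keep it and say what a caller with a rejected key receives, for example `// Rejected key: context cleared, response written by the configured AuthenticationFailureHandler`. If the intent is a plain 401 with no redirect, that belongs in an explicit failure handler rather than in this method.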
@@ -1,10 +1,16 @@
 package dev.luzifer.spring.config;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
@@ -12,8 +18,12 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
 @Configuration
 @EnableWebSecurity
@@ -24,7 +34,7 @@ public class WebSecurityConfig {
 private final String apiKeyHeader;
 public WebSecurityConfig(
- @Value("${api.key}") String apiKey, @Value("${api.key.header}") String apiKeyHeader) {
+ @Value("${api.key}") String apiKey, @Value("${api.key.header}") String apiKeyHeader) {
 this.apiKey = apiKey;
 this.apiKeyHeader = apiKeyHeader;
 }
@@ -34,12 +44,34 @@ public ApiKeyAuthFilter apiKeyAuthFilter(AuthenticationManager authenticationMan
 return new ApiKeyAuthFilter(apiKeyHeader, authenticationManager);
 }
+ @Bean
+ public FilterRegistrationBean apiKeyAuthFilterRegistrationBean(AuthenticationManager authenticationManager) {
+ FilterRegistrationBean registrationBean = new FilterRegistrationBean<>();
+
+ registrationBean.setFilter(new OncePerRequestFilter() {
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+ if (SecurityContextHolder.getContext().getAuthentication() == null) {
+ ApiKeyAuthFilter apiKeyAuthFilter = new ApiKeyAuthFilter(apiKeyHeader, authenticationManager);
+ apiKeyAuthFilter.doFilter(request, response, filterChain);
+ } else {
+ filterChain.doFilter(request, response);
+ }
+ }
+ });
+
+ registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+
+ return registrationBean;
+ }
+
 @Bean
 public SecurityFilterChain securityFilterChain(
 HttpSecurity http, AuthenticationManager authenticationManager) throws Exception {
 http.csrf(AbstractHttpConfigurer::disable)
 .formLogin(AbstractHttpConfigurer::disable)
- .authorizeRequests(authorize -> authorize.anyRequest().authenticated())
+ .anonymous(AbstractHttpConfigurer::disable)
+ .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .addFilterBefore(apiKeyAuthFilter(authenticationManager), BasicAuthenticationFilter.class);
@@ -51,7 +83,7 @@ public SecurityFilterChain securityFilterChain(
 @Bean
 public AuthenticationManager authenticationManager(
- AuthenticationConfiguration authenticationConfiguration) throws Exception {
+ AuthenticationConfiguration authenticationConfiguration) throws Exception {
 return authenticationConfiguration.getAuthenticationManager();
 }
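Review bot: `apiKeyAuthFilterRegistrationBean` authenticates requests a second time, outside the Spring Security filter chain. The wrapper runs at `Ordered.HIGHEST_PRECEDENCE` in the servlet container and builds a fresh `ApiKeyAuthFilter` per request, while `securityFilterChain` in the same hunk still adds the filter with `addFilterBefore`. At that position nothing has populated the context yet, so the `getAuthentication() == null` test is either always true or, if a thread-local context were ever left over from an earlier request, would let the request bypass the key check through the `else` branch. If the goal is to stop Spring Boot from also registering the filter bean with the container, keep the registration but turn it off with `registrationBean.setFilter(apiKeyAuthFilter(authenticationManager));` and `registrationBean.setEnabled(false);`, so the key is checked once, inside the chain that `authorizeHttpRequests` governs. The `apiKeyAuthFilter` method starts outside the hunk, so whether it is a `@Bean` is not visible here.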
@@ -62,8 +94,8 @@ public ApiKeyAuthenticationProvider apiKeyAuthenticationProvider() {
 @Autowired
 public void configureGlobal(
- AuthenticationManagerBuilder auth,
- ApiKeyAuthenticationProvider apiKeyAuthenticationProvider) {
+ AuthenticationManagerBuilder auth,
+ ApiKeyAuthenticationProvider apiKeyAuthenticationProvider) {
 auth.authenticationProvider(apiKeyAuthenticationProvider);
 }
-}
+}
\ No newline at end of file
diff --git a/paladins-webservice/src/main/resources/application.properties b/paladins-webservice/src/main/resources/application.properties
index e09a979..fa52283 100644
--- a/paladins-webservice/src/main/resources/application.properties
+++ b/paladins-webservice/src/main/resources/application.properties
@@ -18,7 +18,8 @@ spring.data.redis.port=6379
 # Hurensohn
 spring.main.allow-circular-references=true
 # API-Requests
-web.authentication.apikey=API-KEY
+api.key=THV6aSBpc3QgZWluIFPDvMOfaQ==
+api.key.header=API-KEY
 # API-Paths
 api.match=api/match
 api.match.count=api/match/count
\ No newline at end of file
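Review bot: The added `api.key=` line in application.properties commits the value callers are authenticated against into a tracked file. Anyone who can read the repository or unpack the built jar then holds a working key, and rotating it needs a code change. Keep only a reference in the file, for example `api.key=${API_KEY}`, and supply the value from the environment or a secrets store at deploy time. If the committed value was ever used on a running instance, treat it as exposed and replace it. The `api.key.header=API-KEY` line carries no secret and can stay as it is.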