ajustes para requisições funcionarem

emerson-diego · Mar 26, 2020 · a08f408 · a08f408
1 parent 88ee6fc
commit a08f408
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 63 deletions.
diff --git a/src/main/java/br/com/alura/forum/config/security/AutenticacaoViaTokenFilter.java b/src/main/java/br/com/alura/forum/config/security/AutenticacaoViaTokenFilter.java
@@ -15,42 +15,57 @@
 import br.com.alura.forum.repository.UsuarioRepository;
 
 public class AutenticacaoViaTokenFilter extends OncePerRequestFilter {
-
-	private TokenService tokenService;
-	private UsuarioRepository repository;
-
-	public AutenticacaoViaTokenFilter(TokenService tokenService, UsuarioRepository repository) {
-		this.tokenService = tokenService;
-		this.repository = repository;
-	}
-
-	@Override
-	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
-			throws ServletException, IOException {
-
-		String token = recuperarToken(request);
-		boolean valido = tokenService.isTokenValido(token);
-		if (valido) {
-			autenticarCliente(token);
-		}
-
-		filterChain.doFilter(request, response);
-	}
-
-	private void autenticarCliente(String token) {
-		Long idUsuario = tokenService.getIdUsuario(token);
-		Usuario usuario = repository.findById(idUsuario).get();
-		UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(usuario, null, usuario.getAuthorities());
-		SecurityContextHolder.getContext().setAuthentication(authentication);
-	}
-
-	private String recuperarToken(HttpServletRequest request) {
-		String token = request.getHeader("Authorization");
-		if (token == null || token.isEmpty() || !token.startsWith("Bearer ")) {
-			return null;
-		}
-
-		return token.substring(7, token.length());
-	}
+
+    private TokenService tokenService;
+    private UsuarioRepository repository;
+
+    public AutenticacaoViaTokenFilter(TokenService tokenService, UsuarioRepository repository) {
+        this.tokenService = tokenService;
+        this.repository = repository;
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+
+        System.out.println("WebConfig; " + request.getRequestURI());
+        // request.setHeader("Bearer
+        // eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJBUEkgZG8gRsOzcnVtIGRhIEFsdXJhIiwic3ViIjoiMSIsImlhdCI6MTU4NTE4NTI5NywiZXhwIjoxNTg1MjcxNjk3fQ.ZvgVjw2yH9Sd-s26XDjui1WX2XqV8uI3M71aXeIXZIk")
+        response.setHeader("Access-Control-Allow-Origin", "*");
+        response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
+        response.setHeader("Access-Control-Allow-Headers",
+                "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With,observe");
+        response.setHeader("Access-Control-Max-Age", "3600");
+        response.setHeader("Access-Control-Allow-Credentials", "true");
+        response.setHeader("Access-Control-Expose-Headers", "Authorization");
+        response.addHeader("Access-Control-Expose-Headers", "responseType");
+        response.addHeader("Access-Control-Expose-Headers", "observe");
+        System.out.println("Request Method: " + request.getMethod());
+
+        String token = recuperarToken(request);
+        boolean valido = tokenService.isTokenValido(token);
+        if (valido) {
+            autenticarCliente(token);
+        }
+
+        filterChain.doFilter(request, response);
+    }
+
+    private void autenticarCliente(String token) {
+        Long idUsuario = tokenService.getIdUsuario(token);
+        Usuario usuario = repository.findById(idUsuario).get();
+        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(usuario, null,
+                usuario.getAuthorities());
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+    }
+
+    private String recuperarToken(HttpServletRequest request) {
+        String token = request.getHeader("Authorization");
+        if (token == null || token.isEmpty() || !token.startsWith("Bearer ")) {
+            return null;
+        }
+
+        return token.substring(7, token.length());
+    }
 
 }
diff --git a/src/main/java/br/com/alura/forum/config/security/CorsConfiguration.java b/src/main/java/br/com/alura/forum/config/security/CorsConfiguration.java
diff --git a/src/main/java/br/com/alura/forum/config/security/SecurityConfigurations.java b/src/main/java/br/com/alura/forum/config/security/SecurityConfigurations.java
@@ -46,9 +46,9 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
     protected void configure(HttpSecurity http) throws Exception {
         http.authorizeRequests().antMatchers(HttpMethod.GET, "/topicos").permitAll()
                 .antMatchers(HttpMethod.GET, "/topicos/*").permitAll().antMatchers(HttpMethod.POST, "/auth").permitAll()
-                .antMatchers(HttpMethod.GET, "/actuator/**").permitAll().antMatchers(HttpMethod.GET, "/vets/**")
-                .permitAll().antMatchers(HttpMethod.GET, "/api/vets/**").permitAll().anyRequest().authenticated().and()
-                .csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
+                .antMatchers(HttpMethod.GET, "/actuator/**").permitAll().antMatchers(HttpMethod.OPTIONS, "/**")
+                .permitAll().anyRequest().authenticated().and().csrf().disable().sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                 .addFilterBefore(new AutenticacaoViaTokenFilter(tokenService, usuarioRepository),
                         UsernamePasswordAuthenticationFilter.class);
     }