fix(authn): Move Fiat session filter later in the chain, bump Fiat AP…

…I to fix 404 issue (#372)
spinnaker · Apr 5, 2017 · cc12650 · cc12650
1 parent 78b1dab
commit cc12650
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/gate-web/gate-web.gradle b/gate-web/gate-web.gradle
@@ -29,7 +29,7 @@ dependencies {
   compile spinnaker.dependency("korkWeb")
   compile spinnaker.dependency("frigga")
   compile spinnaker.dependency('cglib')
-  compile "com.netflix.spinnaker.fiat:fiat-api:0.24.0"
+  compile "com.netflix.spinnaker.fiat:fiat-api:0.25.0"
 
   compile('com.github.kstyrc:embedded-redis:0.6')
   compile('org.springframework.session:spring-session-data-redis:1.1.1.RELEASE')

diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/AuthConfig.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/AuthConfig.groovy
@@ -36,6 +36,7 @@ import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.SecurityBuilder
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.core.Authentication
+import org.springframework.security.web.authentication.AnonymousAuthenticationFilter
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler
 import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler
 import org.springframework.security.web.session.ConcurrentSessionFilter
@@ -88,7 +89,7 @@ class AuthConfig {
         .antMatchers('/health').permitAll()
         .antMatchers('/**').authenticated()
         .and()
-      .addFilterAfter(new FiatSessionFilter(configProps, permissionEvaluator), ConcurrentSessionFilter.class)
+      .addFilterBefore(new FiatSessionFilter(configProps, permissionEvaluator), AnonymousAuthenticationFilter.class)
       .logout()
         .logoutUrl("/auth/logout")
         .logoutSuccessHandler(permissionRevokingLogoutSuccessHandler)