diff --git a/autograde-service/src/main/java/ch/epfl/autograde/auth/token/SharedSecretConfigurer.java b/autograde-service/src/main/java/ch/epfl/autograde/auth/token/SharedSecretConfigurer.java
index b5043104010e685551e1b81edd4c8d6c52772891..aff00633319fe11f9dce091c1bec6d69c453689e 100644
--- a/autograde-service/src/main/java/ch/epfl/autograde/auth/token/SharedSecretConfigurer.java
+++ b/autograde-service/src/main/java/ch/epfl/autograde/auth/token/SharedSecretConfigurer.java
@@ -1,5 +1,6 @@
 package ch.epfl.autograde.auth.token;
+import lombok.RequiredArgsConstructor;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -9,10 +10,11 @@ import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
-import org.springframework.security.web.util.matcher.RequestMatcher;
+@RequiredArgsConstructor
+public final class SharedSecretConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractHttpConfigurer<HttpBasicConfigurer<B>, B> {
-public class SharedSecretConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractHttpConfigurer<HttpBasicConfigurer<B>, B> {
+ private final AuthenticationManager manager;
 private final AuthenticationEntryPoint authenticationEntryPoint = new SharedSecretEntryPoint();
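Review bot: The new `manager` field in `SharedSecretConfigurer` is filled by the Lombok-generated constructor without a null check, so `new SharedSecretConfigurer<>(null)` is accepted and the mistake only surfaces when `configure` hands the field to `ShareSecretFilter` (whose handling of a null manager is not visible here). Since this object decides whether a shared-secret token is accepted, it should fail at construction: `@NonNull private final AuthenticationManager manager;` together with `import lombok.NonNull;`. The rewritten class line also keeps `HttpBasicConfigurer<B>` as the self type of `AbstractHttpConfigurer`, which looks like a leftover from the class this was modelled on; `AbstractHttpConfigurer<SharedSecretConfigurer<B>, B>` would type the inherited fluent methods correctly. The class body continues outside this hunk.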
@@ -27,7 +29,6 @@ public class SharedSecretConfigurer<B extends HttpSecurityBuilder<B>> extends Ab
 @Override
 public void configure(B http) {
- final var manager = http.getSharedObject(AuthenticationManager.class);
 final var filter = new ShareSecretFilter(manager, this.authenticationEntryPoint);
 final var rememberMe = http.getSharedObject(RememberMeServices.class);
 if (rememberMe != null)
@@ -36,13 +37,5 @@ public class SharedSecretConfigurer<B extends HttpSecurityBuilder<B>> extends Ab
 http.addFilterBefore(postProcess(filter), BasicAuthenticationFilter.class);
 }
- private void registerDefaultEntryPoint(B http, RequestMatcher preferredMatcher) {
- final var exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
- if (exceptionHandling == null) {
- return;
- }
- exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(this.authenticationEntryPoint), preferredMatcher);
- }
-
 }
diff --git a/autograde-service/src/main/java/ch/epfl/autograde/config/SecurityConfig.java b/autograde-service/src/main/java/ch/epfl/autograde/config/SecurityConfig.java
index 1edda7f24421b7cf343ab4669fdf5b2f508b828d..3353156128e10053311c79376aa12ebe9110e16b 100644
--- a/autograde-service/src/main/java/ch/epfl/autograde/config/SecurityConfig.java
+++ b/autograde-service/src/main/java/ch/epfl/autograde/config/SecurityConfig.java
@@ -13,6 +13,7 @@ import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -45,14 +46,17 @@ public class SecurityConfig {
 */
 @Bean
 @Order(1)
- public SecurityFilterChain filterChain(HttpSecurity http, ShareSecretAuthenticationProvider provider) throws Exception {
+ public SecurityFilterChain filterChain(HttpSecurity http,
+ ShareSecretAuthenticationProvider provider,
+ @Qualifier("ldapAuthenticationManager") AuthenticationManager manager
+ ) throws Exception {
 return http
 .securityMatcher("/api/**")
- .with(new SharedSecretConfigurer<>(), withDefaults())
- .authenticationProvider(provider)
+ .with(new SharedSecretConfigurer<>(new ProviderManager(provider)), withDefaults())
+ .httpBasic(withDefaults())
+ .authenticationManager(manager)
 .csrf(AbstractHttpConfigurer::disable)
 .anonymous(AbstractHttpConfigurer::disable)
- .httpBasic(AbstractHttpConfigurer::disable)
 .formLogin(AbstractHttpConfigurer::disable)
 .sessionManagement(AbstractHttpConfigurer::disable)
 .requestCache(RequestCacheConfigurer::disable)
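Review bot: `new ProviderManager(provider)` in `filterChain` is created by hand, and a ProviderManager built this way keeps its default no-op event publisher, so shared-secret logins and failures on `/api/**` raise no authentication events unless `ShareSecretFilter` or the provider logs them itself (neither is visible here). If those events feed audit or alerting, inject an `AuthenticationEventPublisher publisher` and wire it: `final var secretManager = new ProviderManager(provider);` followed by `secretManager.setAuthenticationEventPublisher(publisher);`. The chain now also accepts HTTP Basic against the manager qualified `ldapAuthenticationManager` while session management stays disabled, so each Basic request carries the directory password again; the Javadoc above the method should state that both mechanisms are accepted here and that the route is expected to be TLS-only. The builder chain continues past the end of the hunk.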