#554 refactor web security config

alfio-event · Nov 26, 2018 · 346d92f · 346d92f
1 parent c742e80
commit 346d92f
Showing 1 changed file with 26 additions and 31 deletions.
diff --git a/src/main/java/alfio/config/WebSecurityConfig.java b/src/main/java/alfio/config/WebSecurityConfig.java
@@ -86,23 +86,6 @@ public class WebSecurityConfig {
     private static final String API_CLIENT = "API_CLIENT";
     private static final String X_REQUESTED_WITH = "X-Requested-With";
 
-
-    private static class BaseWebSecurity extends  WebSecurityConfigurerAdapter {
-
-        @Autowired
-        private DataSource dataSource;
-        @Autowired
-        private PasswordEncoder passwordEncoder;
-
-        @Override
-        public void configure(AuthenticationManagerBuilder auth) throws Exception {
-            auth.jdbcAuthentication().dataSource(dataSource)
-                    .usersByUsernameQuery("select username, password, enabled from ba_user where username = ?")
-                    .authoritiesByUsernameQuery("select username, role from authority where username = ?")
-                    .passwordEncoder(passwordEncoder);
-        }
-    }
-
     private static class APIKeyAuthFilter extends AbstractPreAuthenticatedProcessingFilter {
 
         @Override
@@ -148,6 +131,14 @@ public WrongAccountTypeException(String msg) {
         }
     }
 
+    @Bean
+    public CsrfTokenRepository getCsrfTokenRepository() {
+        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
+        repository.setSessionAttributeName(CSRF_SESSION_ATTRIBUTE);
+        repository.setParameterName(CSRF_PARAM_NAME);
+        return repository;
+    }
+
     @Configuration
     @Order(0)
     public static class APITokenAuthWebSecurity extends WebSecurityConfigurerAdapter {
@@ -212,7 +203,7 @@ private static boolean isTokenAuthentication(HttpServletRequest request) {
      */
     @Configuration
     @Order(1)
-    public static class FormBasedWebSecurity extends BaseWebSecurity {
+    public static class FormBasedWebSecurity extends WebSecurityConfigurerAdapter {
 
         @Autowired
         private Environment environment;
@@ -222,15 +213,25 @@ public static class FormBasedWebSecurity extends BaseWebSecurity {
 
         @Autowired
         private RecaptchaService recaptchaService;
+
         @Autowired
         private ConfigurationManager configurationManager;
 
-        @Bean
-        public CsrfTokenRepository getCsrfTokenRepository() {
-            HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
-            repository.setSessionAttributeName(CSRF_SESSION_ATTRIBUTE);
-            repository.setParameterName(CSRF_PARAM_NAME);
-            return repository;
+        @Autowired
+        private CsrfTokenRepository csrfTokenRepository;
+
+        @Autowired
+        private DataSource dataSource;
+
+        @Autowired
+        private PasswordEncoder passwordEncoder;
+
+        @Override
+        public void configure(AuthenticationManagerBuilder auth) throws Exception {
+            auth.jdbcAuthentication().dataSource(dataSource)
+                .usersByUsernameQuery("select username, password, enabled from ba_user where username = ?")
+                .authoritiesByUsernameQuery("select username, role from authority where username = ?")
+                .passwordEncoder(passwordEncoder);
         }
 
         @Override
@@ -284,7 +285,7 @@ protected void configure(HttpSecurity http) throws Exception {
 
             };
 
-            configurer.csrfTokenRepository(getCsrfTokenRepository())
+            configurer.csrfTokenRepository(csrfTokenRepository)
                 .and()
                 .authorizeRequests()
                 .antMatchers(ADMIN_API + "/configuration/**", ADMIN_API + "/users/**").hasAnyRole(ADMIN, OWNER)
@@ -380,10 +381,4 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
             }
         }
     }
-
-
-
-
-
-
 }