diff --git a/rsc/application.properties.dist b/rsc/application.properties.dist
index 7914e19a..0807834b 100644
--- a/rsc/application.properties.dist
+++ b/rsc/application.properties.dist
@@ -12,6 +12,8 @@ server.servlet.session.cookie.http-only=true
 #server.servlet.session.cookie.secure=true # only over HTTPS
 spring.pid.fail-on-write-error=true
 spring.pid.file=OH_API_PID
+spring.mustache.check-template-location=false
+spring.jpa.open-in-view=false
 ### In production change to http://
 cors.allowed.origins=http://API_HOST:API_PORT,http://UI_HOST:UI_PORT
diff --git a/src/main/java/org/isf/config/SecurityConfig.java b/src/main/java/org/isf/config/SecurityConfig.java
index b65f8be6..c8bd41a2 100644
--- a/src/main/java/org/isf/config/SecurityConfig.java
+++ b/src/main/java/org/isf/config/SecurityConfig.java
@@ -36,12 +36,10 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
@@ -56,9 +54,6 @@
 @EnableWebSecurity
 public class SecurityConfig {
- @Autowired
- private UserDetailsService userDetailsService;
-
 private final TokenProvider tokenProvider;
 @Autowired
@@ -75,14 +70,6 @@ public SecurityConfig(TokenProvider tokenProvider, PermissionManager permissionM
 @Autowired
 private CustomLogoutHandler customLogoutHandler;
- @Bean
- public DaoAuthenticationProvider authenticationProvider() {
- DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
- authProvider.setUserDetailsService(userDetailsService);
- authProvider.setPasswordEncoder(encoder());
- return authProvider;
- }
-
 @Bean
 public PasswordEncoder encoder() {
 return new BCryptPasswordEncoder();
diff --git a/src/main/java/org/isf/security/jwt/TokenProvider.java b/src/main/java/org/isf/security/jwt/TokenProvider.java
index c05b840c..895c8116 100644
--- a/src/main/java/org/isf/security/jwt/TokenProvider.java
+++ b/src/main/java/org/isf/security/jwt/TokenProvider.java
@@ -79,7 +79,7 @@ public class TokenProvider implements Serializable {
 @PostConstruct
 public void init() {
 String secret = env.getProperty("jwt.token.secret");
- LOGGER.info("Initializing JWT key with secret: {}", secret);
+ LOGGER.debug("Initializing JWT key with secret: {}", secret);
 byte[] keyBytes = secret.getBytes(StandardCharsets.UTF_8);
 this.key = Keys.hmacShaKeyFor(keyBytes);
@@ -131,8 +131,8 @@ public Boolean isTokenExpired(String token) {
 public String generateJwtToken(Authentication authentication, boolean rememberMe) {
 final String authorities = authentication.getAuthorities().stream()
- .map(GrantedAuthority::getAuthority)
- .collect(Collectors.joining(","));
+ .map(GrantedAuthority::getAuthority)
+ .collect(Collectors.joining(","));
 long now = System.currentTimeMillis();
 Date validity;
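Review bot: In `TokenProvider.init()` the HMAC signing secret is still passed to the logger; moving the call from info to debug only hides it at default log levels, and anyone who can read a debug log can then forge valid HS512 tokens. The value should not be logged at all, e.g. `LOGGER.debug("Initializing JWT signing key");`. If `env` is a Spring `Environment`, `getProperty("jwt.token.secret")` returns null when the property is unset, so the following `secret.getBytes(...)` would fail with a bare NullPointerException; an explicit null/blank check with a clear message would make the misconfiguration obvious. Since earlier builds presumably wrote the secret at info level, rotating it is worth considering. `init()` continues past the end of the hunk.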
@@ -143,21 +143,21 @@ public String generateJwtToken(Authentication authentication, boolean rememberMe
 }
 return Jwts.builder()
- .setSubject(authentication.getName())
- .claim(AUTHORITIES_KEY, authorities)
- .setIssuedAt(new Date())
- .signWith(key, SignatureAlgorithm.HS512)
- .setExpiration(validity)
- .compact();
+ .setSubject(authentication.getName())
+ .claim(AUTHORITIES_KEY, authorities)
+ .setIssuedAt(new Date())
+ .signWith(key, SignatureAlgorithm.HS512)
+ .setExpiration(validity)
+ .compact();
 }
 public String generateRefreshToken(Authentication authentication) {
 return Jwts.builder()
- .setSubject(authentication.getName())
- .setIssuedAt(new Date())
- .signWith(key, SignatureAlgorithm.HS512)
- .setExpiration(new Date(System.currentTimeMillis() + this.tokenValidityInMillisecondsForRememberMe))
- .compact();
+ .setSubject(authentication.getName())
+ .setIssuedAt(new Date())
+ .signWith(key, SignatureAlgorithm.HS512)
+ .setExpiration(new Date(System.currentTimeMillis() + this.tokenValidityInMillisecondsForRememberMe))
+ .compact();
 }
 public Authentication getAuthentication(String token) {
@@ -173,8 +173,8 @@ public Authentication getAuthentication(String token) {
 }
 final Collection< ? extends GrantedAuthority> authorities = Arrays.stream(claims.get(AUTHORITIES_KEY).toString().split(","))
- .map(SimpleGrantedAuthority::new)
- .collect(Collectors.toList());
+ .map(SimpleGrantedAuthority::new)
+ .collect(Collectors.toList());
 User principal = new User(claims.getSubject(), "", authorities);