diff --git a/psi-probe-core/src/main/java/psiprobe/ProbeSecurityConfig.java b/psi-probe-core/src/main/java/psiprobe/ProbeSecurityConfig.java
index 869fc04e49..fc6a253b55 100644
--- a/psi-probe-core/src/main/java/psiprobe/ProbeSecurityConfig.java
+++ b/psi-probe-core/src/main/java/psiprobe/ProbeSecurityConfig.java
@@ -30,9 +30,9 @@
 import org.springframework.security.access.vote.RoleVoter;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper;
-import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.ExceptionTranslationFilter;
@@ -46,7 +46,8 @@
 import org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource;
 import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
 import org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever;
-import org.springframework.security.web.context.SecurityContextPersistenceFilter;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.security.web.context.SecurityContextHolderFilter;
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -59,17 +60,32 @@
 @EnableWebSecurity
 public class ProbeSecurityConfig {
 
+ /**
+ * Gets the security filter chain.
+ *
+ * @param http the http
+ * @return the security filter chain
+ * @throws Exception the exception
+ */
+ @Bean(name = "securityFilterChain")
+ public SecurityFilterChain getSecurityFilterChain(HttpSecurity http) throws Exception {
+ http.authorizeHttpRequests().requestMatchers("/**").permitAll().and()
+ .addFilter(getSecurityContextHolderFilter())
+ .addFilter(getJ2eePreAuthenticatedProcessingFilter()).addFilter(getLogoutFilter())
+ .addFilter(getExceptionTranslationFilter()).addFilter(getFilterSecurityInterceptor());
+ return http.build();
+ }
+
 /**
 * Gets the filter chain proxy.
 *
+ * @param http the http
 * @return the filter chain proxy
+ * @throws Exception the exception
 */
 @Bean(name = "filterChainProxy")
- public FilterChainProxy getFilterChainProxy() {
- SecurityFilterChain chain = new DefaultSecurityFilterChain(new AntPathRequestMatcher("/**"),
- getSecurityContextPersistenceFilter(), getJ2eePreAuthenticatedProcessingFilter(),
- getLogoutFilter(), getExceptionTranslationFilter(), getFilterSecurityInterceptor());
- return new FilterChainProxy(chain);
+ public FilterChainProxy getFilterChainProxy(HttpSecurity http) throws Exception {
+ return new FilterChainProxy(getSecurityFilterChain(http));
 }
 
 /**
@@ -85,13 +101,13 @@ public ProviderManager getProviderManager() {
 }
 
 /**
- * Gets the security context persistence filter.
+ * Gets the security context holder filter.
 *
- * @return the security context persistence filter
+ * @return the security context holder filter
 */
- @Bean(name = "sif")
- public SecurityContextPersistenceFilter getSecurityContextPersistenceFilter() {
- return new SecurityContextPersistenceFilter();
+ @Bean(name = "securityContextHolderFilter")
+ public SecurityContextHolderFilter getSecurityContextHolderFilter() {
+ return new SecurityContextHolderFilter(new HttpSessionSecurityContextRepository());
 }
 
 /**
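Review bot: In `getSecurityFilterChain`, `authorizeHttpRequests().requestMatchers("/**").permitAll()` makes the DSL's own authorization rule allow every request, so access control rests entirely on the legacy `getFilterSecurityInterceptor()` added last, and nothing in the code says so. I would add a comment above the call, `// permitAll() is intentional: access decisions are made by the legacy FilterSecurityInterceptor added below.`, and a test asserting that an unauthenticated request to a protected path is still rejected. A chain built from `HttpSecurity` also normally carries the default configurers (CSRF, headers, logout, exception handling) on top of the five filters the old `DefaultSecurityFilterChain` listed, so the manually added logout and exception-translation filters may be duplicated and CSRF checks may newly apply to state-changing requests; confirm this is intended or disable the defaults explicitly. `getFilterChainProxy` calls `getSecurityFilterChain(http)` again, which, depending on how the configuration class is proxied (not visible in this hunk), could build a second chain instead of reusing the bean.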
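Review bot: The Javadoc on `getSecurityContextHolderFilter` should state that this filter only loads the `SecurityContext` from the repository and, unlike the `SecurityContextPersistenceFilter` it replaces, does not save it at the end of the request. Whether the J2EE pre-authentication filter saves the context itself is configured outside this hunk, so confirm that the authenticated context still reaches the session or is deliberately re-established on every request. The `HttpSessionSecurityContextRepository` is created inline, so no other bean can share it for an explicit save; exposing it as its own bean would allow that. The bean name also changes from `sif` to `securityContextHolderFilter`, so any remaining lookup by the old name (none is visible here) would need updating.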