added corresponding tests and refactoring

This commit is contained in:
YevhenBondarenko 2024-04-29 22:58:11 +02:00
parent 1074ee8682
commit 0ffd0cca40
2 changed files with 24 additions and 21 deletions


@ -202,12 +202,7 @@ public class ThingsboardSecurityConfiguration {
@Bean @Bean
@Order(1) @Order(1)
public SecurityFilterChain noAuthFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain noAuthFilterChain(HttpSecurity http) throws Exception {
http.headers(headers -> headers configureCommonHttpSecurity(http)
.cacheControl(config -> {})
.frameOptions(config -> {}).disable())
.cors(cors -> {})
.csrf(AbstractHttpConfigurer::disable)
.exceptionHandling(config -> {})
.securityMatchers(config -> config .securityMatchers(config -> config
.requestMatchers( .requestMatchers(
DEVICE_API_ENTRY_POINT, // Device HTTP Transport API DEVICE_API_ENTRY_POINT, // Device HTTP Transport API
@ -225,21 +220,8 @@ public class ThingsboardSecurityConfiguration {
@Bean @Bean
@Order(2) @Order(2)
SecurityFilterChain authFilterChain(HttpSecurity http) throws Exception { SecurityFilterChain authFilterChain(HttpSecurity http) throws Exception {
http.headers(headers -> headers configureCommonHttpSecurity(http)
.cacheControl(config -> {}) .securityMatcher(TOKEN_BASED_AUTH_ENTRY_POINT); // Protected API End-points
.frameOptions(config -> {}).disable())
.cors(cors -> {})
.csrf(AbstractHttpConfigurer::disable)
.exceptionHandling(config -> {})
.sessionManagement(config -> config.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.securityMatcher(TOKEN_BASED_AUTH_ENTRY_POINT) // Protected API End-points
.authorizeHttpRequests(config -> config.anyRequest().authenticated())
.exceptionHandling(config -> config.accessDeniedHandler(restAccessDeniedHandler))
.addFilterBefore(buildRestLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildRestPublicLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildRefreshTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterAfter(rateLimitProcessingFilter, UsernamePasswordAuthenticationFilter.class);
if (oauth2Configuration != null) { if (oauth2Configuration != null) {
http.oauth2Login(login -> login http.oauth2Login(login -> login
.authorizationEndpoint(config -> config .authorizationEndpoint(config -> config
@ -253,6 +235,21 @@ public class ThingsboardSecurityConfiguration {
return http.build(); return http.build();
} }
private HttpSecurity configureCommonHttpSecurity(HttpSecurity http) throws Exception {
return http.headers(headers -> headers
.cacheControl(config -> {})
.frameOptions(config -> {}).disable())
.cors(cors -> {})
.csrf(AbstractHttpConfigurer::disable)
.exceptionHandling(config -> {})
.sessionManagement(config -> config.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.addFilterBefore(buildRestLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildRestPublicLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildRefreshTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterAfter(rateLimitProcessingFilter, UsernamePasswordAuthenticationFilter.class);
}
@Bean @Bean
@ConditionalOnMissingBean(CorsFilter.class) @ConditionalOnMissingBean(CorsFilter.class)
public CorsFilter corsFilter(@Autowired MvcCorsProperties mvcCorsProperties) { public CorsFilter corsFilter(@Autowired MvcCorsProperties mvcCorsProperties) {
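Review bot: `configureCommonHttpSecurity` now registers the REST login, public login, JWT and refresh-token processing filters, `rateLimitProcessingFilter` and STATELESS session management on every chain it is applied to, including `noAuthFilterChain`, which before this change only configured headers, CORS, CSRF and exception handling. Whether the device/transport endpoints matched by that chain now actually pass through the rate-limit and JWT filters depends on each filter's own request matcher, which is not visible in these hunks; if the widening is intended it deserves a comment at the call site, and if not the filter registration should stay in `authFilterChain`. The new private helper also has no Javadoc; a one-liner such as `/** Applies the header, CORS, CSRF, stateless-session and authentication-filter setup shared by all filter chains; chain-specific securityMatcher calls are left to the caller. */` would tell the next reader that the matcher split is deliberate. Both chain methods and the class extend beyond the visible hunks.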


@ -167,4 +167,10 @@ public class AuthControllerTest extends AbstractControllerTest {
.andExpect(jsonPath("$.message", .andExpect(jsonPath("$.message",
is("Password must be no more than 72 characters in length."))); is("Password must be no more than 72 characters in length.")));
} }
@Test
public void testGetPageWithoutRedirect() throws Exception {
doGet("/login").andExpect(status().isOk());
doGet("/home").andExpect(status().isOk());
}
} }
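Review bot: `testGetPageWithoutRedirect` only asserts a 200 for `/login` and `/home`, so it confirms the refactored `noAuthFilterChain` still serves the UI pages, but nothing exercises the endpoints whose chain gained the authentication and rate-limit filters in this commit (the device API paths matched by `noAuthFilterChain`). A companion test issuing a request to one of those paths and asserting the pre-refactor status would pin the behaviour the commit title says is covered. The method name says "without redirect" while the assertion is `isOk()`; a 200 does rule out a 3xx, but a short comment such as `// 200 rather than a redirect: the page is served directly by the no-auth chain` would make the intent explicit.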