diff --git a/src/main/java/com/lpvs/config/SecurityConfig.java b/src/main/java/com/lpvs/config/SecurityConfig.java index 060189d5..8374dc56 100644 --- a/src/main/java/com/lpvs/config/SecurityConfig.java +++ b/src/main/java/com/lpvs/config/SecurityConfig.java @@ -12,16 +12,16 @@ import java.io.IOException; import java.nio.charset.StandardCharsets; -import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer; import org.springframework.security.core.Authentication; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; -import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.SecurityFilterChain; 
@@ -73,53 +73,58 @@ public class SecurityConfig { */ @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - http.cors() - .and() - .csrf() - .disable() - .headers() - .frameOptions() - .disable() - .and() - .logout() - .logoutRequestMatcher(new AntPathRequestMatcher("/oauth/logout")) - .logoutSuccessUrl(frontendMainPageUrl) - .invalidateHttpSession(true) - .clearAuthentication(true) - .and() - .authorizeRequests() - .anyRequest() - .permitAll() - .and() - .oauth2Login() - .successHandler( - new AuthenticationSuccessHandler() { - @Value("${frontend.main-page.url:}") - private String frontendMainPageUrl; + http.cors( + cors -> + cors.configurationSource( + request -> + new CorsConfiguration().applyPermitDefaultValues())) + .csrf(AbstractHttpConfigurer::disable) + .headers( + headers -> + headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)) + .logout( + logout -> + logout.logoutRequestMatcher( + new AntPathRequestMatcher("/oauth/logout")) + .logoutSuccessUrl(frontendMainPageUrl) + .invalidateHttpSession(true) + .clearAuthentication(true)) + .authorizeHttpRequests(authz -> authz.anyRequest().permitAll()) + .oauth2Login( + login -> + login.successHandler( + new AuthenticationSuccessHandler() { + @Value("${frontend.main-page.url:}") + private String frontendMainPageUrl; - private String REDIRECT_URI = frontendMainPageUrl + "/login/callback"; + private final String REDIRECT_URI = + frontendMainPageUrl + "/login/callback"; - @Override - public void onAuthenticationSuccess( - HttpServletRequest request, - HttpServletResponse response, - Authentication authentication) - throws IOException, ServletException { - OAuth2User oAuth2User = (OAuth2User) authentication.getPrincipal(); - System.out.println("oAuth2User = " + oAuth2User); - - response.sendRedirect( - UriComponentsBuilder.fromUriString(REDIRECT_URI) - .queryParam("accessToken", "accessToken") - .queryParam("refreshToken", "refreshToken") - .build() - 
.encode(StandardCharsets.UTF_8) - .toUriString()); - } - }) - .defaultSuccessUrl(frontendMainPageUrl, true) - .userInfoEndpoint() - .userService(oAuthService); + @Override + public void onAuthenticationSuccess( + HttpServletRequest request, + HttpServletResponse response, + Authentication authentication) + throws IOException { + response.sendRedirect( + UriComponentsBuilder.fromUriString( + REDIRECT_URI) + .queryParam( + "accessToken", + "accessToken") + .queryParam( + "refreshToken", + "refreshToken") + .build() + .encode( + StandardCharsets + .UTF_8) + .toUriString()); + } + }) + .defaultSuccessUrl(frontendMainPageUrl, true) + .userInfoEndpoint( + userInfo -> userInfo.userService(oAuthService))); return http.build(); } diff --git a/src/main/java/com/lpvs/entity/report/LPVSReportBuilder.java b/src/main/java/com/lpvs/entity/report/LPVSReportBuilder.java index 468abd58..fa78efb9 100644 --- a/src/main/java/com/lpvs/entity/report/LPVSReportBuilder.java +++ b/src/main/java/com/lpvs/entity/report/LPVSReportBuilder.java @@ -37,6 +37,7 @@ */ @Component @Slf4j +@SuppressWarnings("unchecked") public class LPVSReportBuilder { /** diff --git a/src/test/java/com/lpvs/LicensePreValidationServiceTest.java b/src/test/java/com/lpvs/LicensePreValidationServiceTest.java index 4e28bcab..4f2716f5 100644 --- a/src/test/java/com/lpvs/LicensePreValidationServiceTest.java +++ b/src/test/java/com/lpvs/LicensePreValidationServiceTest.java @@ -24,6 +24,7 @@ import static org.mockito.Mockito.*; import static org.mockito.Mockito.verify; +@SuppressWarnings("unchecked") public class LicensePreValidationServiceTest { LicensePreValidationService licensePreValidationService; diff --git a/src/test/java/com/lpvs/service/OAuthServiceTest.java b/src/test/java/com/lpvs/service/OAuthServiceTest.java index 54a53ac7..f45ecf1f 100644 --- a/src/test/java/com/lpvs/service/OAuthServiceTest.java +++ b/src/test/java/com/lpvs/service/OAuthServiceTest.java 
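Review bot: The new `cors.configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues())` in `filterChain` hard-codes an allow-all-origins policy, whereas the removed bare `http.cors()` (as far as I know) deferred to a `corsConfigurationSource`/`corsFilter` bean or the MVC CORS settings, so this API migration also changes policy. Since the same chain disables CSRF and uses `anyRequest().permitAll()`, I would limit origins to the frontend instead, e.g. build the configuration once and call `config.setAllowedOrigins(List.of(frontendMainPageUrl));` (assuming that property holds a bare origin). Separately, the anonymous `AuthenticationSuccessHandler` is created with `new`, so its `@Value` field is presumably never injected and `REDIRECT_URI` is computed from a null `frontendMainPageUrl`; the later `.defaultSuccessUrl(frontendMainPageUrl, true)` also appears to replace that handler, so it may be cleaner to drop it than to carry it through the migration.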
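Review bot: `@SuppressWarnings("unchecked")` on the `LPVSReportBuilder` class silences every unchecked conversion in the class, including ones added later, so a mistyped cast would only surface as a `ClassCastException` at runtime. I would move the annotation to the single method or local declaration that performs the cast and add a short comment such as `// safe: <reason the element type is known>`. The class body lies outside the hunk, so the exact cast site is not visible here; the same class-level annotation is added to `LicensePreValidationServiceTest` in the next hunk.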
@@ -38,9 +38,11 @@ public void testLoadUser() throws OAuth2AuthenticationException { ClientRegistration.withRegistrationId("google") .userInfoUri("https://example.com/userinfo") .userNameAttributeName("email") - .authorizationGrantType(AuthorizationGrantType.PASSWORD) + .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) .clientId("id") .tokenUri("https://example.com/tokenuri") + .redirectUri("https://example.com/redirecturi") + .authorizationUri("https://example.com/authorizationuri") .build(); OAuth2UserRequest userRequest = new OAuth2UserRequest(