
Example 1 with RecaptchaFilter

Use of io.gravitee.rest.api.security.filter.RecaptchaFilter in project gravitee-management-rest-api by gravitee-io.

From the class BasicSecurityConfigurerAdapter, method configure.

@Override
protected void configure(HttpSecurity http) throws Exception {
    final String jwtSecret = environment.getProperty("jwt.secret");
    if (jwtSecret == null || jwtSecret.isEmpty()) {
        throw new IllegalStateException("JWT secret is mandatory");
    }
    // Warning if the secret is still the default one
    if ("myJWT4Gr4v1t33_S3cr3t".equals(jwtSecret)) {
        LOGGER.warn("");
        LOGGER.warn("##############################################################");
        LOGGER.warn("#                      SECURITY WARNING                      #");
        LOGGER.warn("##############################################################");
        LOGGER.warn("");
        LOGGER.warn("You still use the default jwt secret.");
        LOGGER.warn("This known secret can be used to impersonate anyone.");
        LOGGER.warn("Please change this value, or ask your administrator to do it !");
        LOGGER.warn("");
        LOGGER.warn("##############################################################");
        LOGGER.warn("");
    }
    authentication(http);
    session(http);
    authorizations(http);
    hsts(http);
    csrf(http);
    cors(http);
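    // Register the JWT token filter ahead of Spring's BasicAuthenticationFilter
    http.addFilterBefore(new TokenAuthenticationFilter(jwtSecret, cookieGenerator, userService, tokenService, authoritiesProvider), BasicAuthenticationFilter.class);
    // Place the reCAPTCHA filter ahead of the token filter in the chain
    http.addFilterBefore(new RecaptchaFilter(reCaptchaService, objectMapper), TokenAuthenticationFilter.class);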
}
Also used: TokenAuthenticationFilter (io.gravitee.rest.api.security.filter.TokenAuthenticationFilter), RecaptchaFilter (io.gravitee.rest.api.security.filter.RecaptchaFilter)

Example 2 with RecaptchaFilter

Use of io.gravitee.rest.api.security.filter.RecaptchaFilter in project gravitee-management-rest-api by gravitee-io.

From the class BasicSecurityConfigurerAdapter, method configure.

@Override
protected void configure(HttpSecurity http) throws Exception {
    final String jwtSecret = environment.getProperty("jwt.secret");
    if (jwtSecret == null || jwtSecret.isEmpty()) {
        throw new IllegalStateException("JWT secret is mandatory");
    }
    // Warning if the secret is still the default one
    if ("myJWT4Gr4v1t33_S3cr3t".equals(jwtSecret)) {
        LOGGER.warn("");
        LOGGER.warn("##############################################################");
        LOGGER.warn("#                      SECURITY WARNING                      #");
        LOGGER.warn("##############################################################");
        LOGGER.warn("");
        LOGGER.warn("You still use the default jwt secret.");
        LOGGER.warn("This known secret can be used to impersonate anyone.");
        LOGGER.warn("Please change this value, or ask your administrator to do it !");
        LOGGER.warn("");
        LOGGER.warn("##############################################################");
        LOGGER.warn("");
    }
    authentication(http);
    session(http);
    authorizations(http);
    hsts(http);
    csrf(http);
    cors(http);
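    // Register the JWT token filter ahead of Spring's BasicAuthenticationFilter
    http.addFilterBefore(new TokenAuthenticationFilter(jwtSecret, cookieGenerator, null, null, authoritiesProvider), BasicAuthenticationFilter.class);
    // Place the reCAPTCHA filter ahead of the token filter in the chain
    http.addFilterBefore(new RecaptchaFilter(reCaptchaService, objectMapper), TokenAuthenticationFilter.class);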
}
Also used: TokenAuthenticationFilter (io.gravitee.rest.api.security.filter.TokenAuthenticationFilter), RecaptchaFilter (io.gravitee.rest.api.security.filter.RecaptchaFilter)

Aggregations

RecaptchaFilter (io.gravitee.rest.api.security.filter.RecaptchaFilter): 2
TokenAuthenticationFilter (io.gravitee.rest.api.security.filter.TokenAuthenticationFilter): 2