diff --git a/src/main/java/org/kickerelo/kickerelo/config/SecurityConfig.java b/src/main/java/org/kickerelo/kickerelo/config/SecurityConfig.java
deleted file mode 100644
index 10b0d45..0000000
--- a/src/main/java/org/kickerelo/kickerelo/config/SecurityConfig.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package org.kickerelo.kickerelo.config;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.jdbc.core.JdbcTemplate;
-import org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-
-@Profile("prod")
-@Configuration
-public class SecurityConfig {
- @Bean
- public OAuth2AuthorizedClientService authorizedClientService(
- JdbcTemplate jdbcTemplate,
- ClientRegistrationRepository clientRegistrationRepository) {
- return new JdbcOAuth2AuthorizedClientService(jdbcTemplate, clientRegistrationRepository);
- }
-}
diff --git a/src/main/java/org/kickerelo/kickerelo/config/SecurityConfiguration.java b/src/main/java/org/kickerelo/kickerelo/config/SecurityConfiguration.java
index 8526411..226f435 100644
--- a/src/main/java/org/kickerelo/kickerelo/config/SecurityConfiguration.java
+++ b/src/main/java/org/kickerelo/kickerelo/config/SecurityConfiguration.java
@@ -1,15 +1,11 @@
 package org.kickerelo.kickerelo.config;
-import java.security.SecureRandom;
-import java.util.Base64;
-
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import com.vaadin.flow.spring.security.VaadinWebSecurity;
 import org.springframework.security.oauth2.client.*;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
@@ -19,28 +15,6 @@ import org.springframework.security.web.SecurityFilterChain;
 @Profile("prod")
 @Configuration
 class SecurityConfiguration {
-
- private final OAuth2AuthorizedClientService authorizedClientService;
-
- // Inject the persistent authorized client service we configured previously
- public SecurityConfiguration(OAuth2AuthorizedClientService authorizedClientService) {
- this.authorizedClientService = authorizedClientService;
- }
-
- private static String rememberMeSecret = null;
-
- protected void configure(HttpSecurity http) throws Exception {
- if (rememberMeSecret == null) rememberMeSecret = generateSecret();
-
- http.authorizeHttpRequests(auth -> auth
- .requestMatchers("/app/admin/**", "/app/admin", "/app/app/admin/**", "/app/app/admin").hasAuthority("Kicker Admin")
- .anyRequest().permitAll())
- .oauth2Login(org.springframework.security.config.Customizer.withDefaults())
- .logout(logout -> logout.logoutSuccessUrl("/"))
- .csrf(csrf -> csrf.disable());
- }
-
-
 @Bean
 public OAuth2AuthorizedClientManager authorizedClientManager(
 ClientRegistrationRepository clientRegistrationRepository,
@@ -73,10 +47,10 @@ class SecurityConfiguration {
 return http.build();
 }
- private String generateSecret() {
- SecureRandom random = new SecureRandom();
- byte[] bytes = new byte[24];
- random.nextBytes(bytes);
- return Base64.getEncoder().encodeToString(bytes);
+ @Bean
+ public OAuth2AuthorizedClientService authorizedClientService(
+ JdbcTemplate jdbcTemplate,
+ ClientRegistrationRepository clientRegistrationRepository) {
+ return new JdbcOAuth2AuthorizedClientService(jdbcTemplate, clientRegistrationRepository);
 }
 }
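Review bot: The `authorizedClientService` bean moved into this class keeps OAuth2 access and refresh tokens in the database through `JdbcTemplate`, and the hunk carries no comment on what that table holds or how it is protected. As far as I know, `JdbcOAuth2AuthorizedClientService` stores the token values without encrypting them, by default in the `oauth2_authorized_client` table, so read access to that table amounts to access to live user tokens; it should be limited to the application's database account and covered by encryption at rest and by the same handling in backups. I would add a Javadoc on the bean such as `/** Persists authorized clients, including access and refresh tokens, via JDBC; the backing table holds live credentials and must exist before the prod profile starts. */`. The class body begins outside this hunk.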