springboot-angular2-tutorial / boot-app

This repository is an example application for Spring Boot and Angular2 tutorial.
MIT License

fixed filter configuration #7

Closed rixlabs closed 8 years ago

rixlabs commented 8 years ago

I don't know why, but defining the filter as a bean creates a lot of problems with the context holder.

I tried to debug the middleware, but at a certain point the security context holder lost the Anonymous login token and returned Null Authentication.

I can't find a solution, so I reverted the configuration to a normal encapsulation of the tokenservice.

Let me know if you have a better solution.

akirasosa commented 8 years ago

@rixlabs Please let me confirm.

What was the problem? How can I reproduce the problem?

Here is my understanding.

No class injected StatelessAuthenticationFilter by using the bean definition from the beginning. So, I think that you just removed an unused @Bean. It does not make any change.

akirasosa commented 8 years ago

@rixlabs I have found only one problem in pull #5. When a user enters a wrong email/password, it returns 403. But it returned 401 before that. Is it related to your problem?

rixlabs commented 8 years ago

Use the actual master and try to access a resource like /api/users/1 without a token; it returns 500.

With your config it should work even without due to the anonymous you put in the config.

    http
        .exceptionHandling().and()
        .anonymous().and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .headers().cacheControl();

Defining the filter as a Bean makes some weird changes to the filter chain. I really can't explain.

With this review you can access the resources even with anonymous without error 500.

akirasosa commented 8 years ago

@rixlabs I see. I understand the problem. I will take a look at it too. Thanks.

akirasosa commented 8 years ago

@rixlabs I have found a solution. http://stackoverflow.com/questions/28421966/prevent-spring-boot-from-registering-a-servlet-filter/28428154#28428154

This is my fix. https://github.com/springboot-angular2-tutorial/boot-app/commit/aab52e40822b02b22a2ff96b90496b65cbd2eb45

Your way is OK too. But I selected a way to keep using @Bean.

I close this pull. Really thanks for your help!
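
Added example, not part of the thread and not the project's commit: the approach named in the linked Stack Overflow question. Spring Boot registers every Filter bean with the servlet container, so a filter that is also placed in the Spring Security chain needs a FilterRegistrationBean with setEnabled(false) to run only inside that chain. Assumptions: Spring Boot 1.4+ or 2.x with javax.servlet; the class name SecurityConfig, the bean method names and the pass-through filter body are hypothetical stand-ins for the project's own code.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.GenericFilterBean;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // Hypothetical stand-in for the project's StatelessAuthenticationFilter.
    public static class StatelessAuthenticationFilter extends GenericFilterBean {
        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            // Token handling omitted; with no token the context is left for AnonymousAuthenticationFilter.
            chain.doFilter(req, res);
        }
    }

    @Bean
    public StatelessAuthenticationFilter statelessAuthenticationFilter() {
        return new StatelessAuthenticationFilter();
    }

    // Keeps the @Bean but stops Spring Boot from also adding it to the servlet container's chain.
    @Bean
    public FilterRegistrationBean statelessAuthenticationFilterRegistration(
            StatelessAuthenticationFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean(filter); // raw type: 1.x and 2.x
        registration.setEnabled(false);
        return registration;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling().and()
            .anonymous().and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .addFilterBefore(statelessAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            .headers().cacheControl();
    }
}
```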