From ff5eb791790f4744ae9545f4fd9ee17ac518f5b1 Mon Sep 17 00:00:00 2001
From: usbharu <64310155+usbharu@users.noreply.github.com>
Date: Sat, 21 Oct 2023 15:12:31 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20Signature=E3=83=98=E3=83=83=E3=83=80?=
 =?UTF-8?q?=E3=83=BC=E3=81=8C=E5=AD=98=E5=9C=A8=E3=81=99=E3=82=8B=E3=81=8C?=
 =?UTF-8?q?=E3=80=81=E8=AA=8D=E8=A8=BC=E3=81=AB=E5=A4=B1=E6=95=97=E3=81=97?=
 =?UTF-8?q?=E3=81=9F=E3=81=A8=E3=81=8D=E3=81=AF401=E3=82=92=E8=BF=94?=
 =?UTF-8?q?=E3=81=99=E3=82=88=E3=81=86=E3=81=AB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../usbharu/hideout/config/SecurityConfig.kt | 31 +++++++++++--------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt b/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt
index 6e88e8e1..8d069735 100644
--- a/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt
@@ -46,11 +46,13 @@ import org.springframework.security.oauth2.server.authorization.settings.Authori
 import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer
 import org.springframework.security.web.SecurityFilterChain
-import org.springframework.security.web.WebAttributes
+import org.springframework.security.web.access.ExceptionTranslationFilter
+import org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler
 import org.springframework.security.web.authentication.HttpStatusEntryPoint
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
 import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
+import org.springframework.security.web.util.matcher.AnyRequestMatcher
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector
 import java.security.KeyPairGenerator
 import java.security.interfaces.RSAPrivateKey
@@ -58,7 +60,7 @@ import java.security.interfaces.RSAPublicKey
 import java.util.*
 
 
-@EnableWebSecurity(debug = true)
+@EnableWebSecurity(debug = false)
 @Configuration
 @Suppress("FunctionMaxLength", "TooManyFunctions")
 class SecurityConfig {
@@ -77,6 +79,10 @@ class SecurityConfig {
 
             .securityMatcher("/inbox", "/outbox", "/users/*/inbox", "/users/*/outbox", "/users/*/posts/*")
             .addFilter(httpSignatureFilter)
+            .addFilterBefore(
+                ExceptionTranslationFilter(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)),
+                HttpSignatureFilter::class.java
+            )
             .authorizeHttpRequests {
                 it.anyRequest().permitAll()
             }
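Review bot: The `ExceptionTranslationFilter` built inline in the new `.addFilterBefore(...)` call is constructed with only an entry point, so it keeps that class's own default request cache instead of the `NullRequestCache` that `sessionCreationPolicy(SessionCreationPolicy.STATELESS)` hands to the configurer-managed filter. If that default is still `HttpSessionRequestCache`, every rejected signature on `/inbox` and the other matched paths would save the request and create a server-side session plus a `JSESSIONID` cookie on the 401 — stateful session churn driven by unauthenticated remote traffic, which is what the STATELESS policy was meant to rule out. Consider `ExceptionTranslationFilter(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)).apply { setRequestCache(NullRequestCache()) }` (from `org.springframework.security.web.savedrequest`). The chain-building method this hunk belongs to starts and ends outside the hunk.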
@@ -85,6 +91,10 @@ class SecurityConfig {
             }
             .exceptionHandling {
                 it.authenticationEntryPoint(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
+                it.defaultAuthenticationEntryPointFor(
+                    HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
+                    AnyRequestMatcher.INSTANCE
+                )
             }
             .sessionManagement {
                 it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
@@ -97,17 +107,12 @@ class SecurityConfig {
     fun getHttpSignatureFilter(authenticationManager: AuthenticationManager): HttpSignatureFilter {
         val httpSignatureFilter = HttpSignatureFilter(DefaultSignatureHeaderParser())
         httpSignatureFilter.setAuthenticationManager(authenticationManager)
 
-        httpSignatureFilter.setAuthenticationFailureHandler { request, response, exception ->
-            println(response::class.java)
-            if (response.isCommitted) {
-                return@setAuthenticationFailureHandler
-            }
-            response.setStatus(HttpStatus.UNAUTHORIZED.value())
-            request.getSession(false)?.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)
-            response.outputStream.close()
-        }
-        httpSignatureFilter.setCheckForPrincipalChanges(true)
-        httpSignatureFilter.setInvalidateSessionOnPrincipalChange(true)
+        httpSignatureFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false)
+        val authenticationEntryPointFailureHandler =
+            AuthenticationEntryPointFailureHandler(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
+        authenticationEntryPointFailureHandler.setRethrowAuthenticationServiceException(false)
+        httpSignatureFilter.setAuthenticationFailureHandler(authenticationEntryPointFailureHandler)
+
         return httpSignatureFilter
     }
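Review bot: The added `it.defaultAuthenticationEntryPointFor(..., AnyRequestMatcher.INSTANCE)` has no effect while `it.authenticationEntryPoint(...)` on the line above remains set, since an explicitly configured entry point takes precedence over the default-for registry; the block now configures the same 401 entry point twice and a reader has to work out which one wins. Keep a single call — either drop the new one or replace the explicit one with it — rather than leaving both. The enclosing chain-building method extends outside the hunk.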
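Review bot: `authenticationEntryPointFailureHandler.setRethrowAuthenticationServiceException(false)` collapses server-side verification failures (an `AuthenticationServiceException`, for example when the signer's key cannot be fetched) into the same 401 as a genuinely bad signature, so a remote instance is told its request was unauthorized when the fault was local, and the error no longer surfaces as a 5xx in logs or monitoring. Unless hiding that distinction is intended, leave the handler's default (rethrow) in place so such failures still become a server error, or at least log the exception before answering 401. Separately, if `HttpSignatureFilter` extends `AbstractPreAuthenticatedProcessingFilter` as the setter names suggest, `setContinueFilterChainOnUnsuccessfulAuthentication(false)` means the exception is rethrown after the failure handler has already written the status, so the entry point runs a second time in the `ExceptionTranslationFilter` placed ahead of this filter; harmless with `HttpStatusEntryPoint`, but worth a comment such as `// failure handler writes the 401; the rethrow is caught by the ExceptionTranslationFilter registered before this filter`.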