Merge pull request #216 from bsinno/fix_lazy_initialization_of_tenant_at_login

re-order tenant lazy initialization filter after authentication chain
This commit is contained in:
Kai Zimmermann
2016-06-20 12:08:04 +02:00
committed by GitHub

View File

@@ -83,6 +83,7 @@ import org.springframework.security.web.header.writers.frameoptions.StaticAllowF
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter; import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode; import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode;
import org.springframework.security.web.session.HttpSessionEventPublisher; import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.security.web.session.SessionManagementFilter;
import org.vaadin.spring.security.VaadinSecurityContext; import org.vaadin.spring.security.VaadinSecurityContext;
import org.vaadin.spring.security.annotation.EnableVaadinSecurity; import org.vaadin.spring.security.annotation.EnableVaadinSecurity;
import org.vaadin.spring.security.web.VaadinDefaultRedirectStrategy; import org.vaadin.spring.security.web.VaadinDefaultRedirectStrategy;
@@ -333,7 +334,7 @@ public class SecurityManagedConfiguration {
}, RequestHeaderAuthenticationFilter.class) }, RequestHeaderAuthenticationFilter.class)
.addFilterAfter( .addFilterAfter(
new AuthenticationSuccessTenantMetadataCreationFilter(tenantAware, systemManagement), new AuthenticationSuccessTenantMetadataCreationFilter(tenantAware, systemManagement),
RequestHeaderAuthenticationFilter.class) SessionManagementFilter.class)
.authorizeRequests().anyRequest().authenticated() .authorizeRequests().anyRequest().authenticated()
.antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**") .antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
.hasAnyAuthority(SpPermission.SYSTEM_ADMIN) .hasAnyAuthority(SpPermission.SYSTEM_ADMIN)