[camel-spring-boot] branch master updated: CAMEL-1750: Ensure undertow security customizer is run before regular customizers. Thanks to Dietrich Schulten for reporting and suggested fix.

davsclaus Tue, 30 Mar 2021 07:37:26 -0700

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-spring-boot.git



The following commit(s) were added to refs/heads/master by this push:
     new 246d1b7  CAMEL-1750: Ensure undertow security customizer is run before 
regular customizers. Thanks to Dietrich Schulten for reporting and suggested 
fix.
246d1b7 is described below

commit 246d1b7e99e0aa3f0f504d584ee53a12893a2bf7
Author: Claus Ibsen <[email protected]>
AuthorDate: Tue Mar 30 16:37:00 2021 +0200

    CAMEL-1750: Ensure undertow security customizer is run before regular 
customizers. Thanks to Dietrich Schulten for reporting and suggested fix.
---
 .../spring/boot/UndertowSpringSecurityCustomizer.java   | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git 
a/components-starter/camel-undertow-spring-security-starter/src/main/java/org/apache/camel/undertow/spring/boot/UndertowSpringSecurityCustomizer.java
 
b/components-starter/camel-undertow-spring-security-starter/src/main/java/org/apache/camel/undertow/spring/boot/UndertowSpringSecurityCustomizer.java
index e9d28db..101f27b 100644
--- 
a/components-starter/camel-undertow-spring-security-starter/src/main/java/org/apache/camel/undertow/spring/boot/UndertowSpringSecurityCustomizer.java
+++ 
b/components-starter/camel-undertow-spring-security-starter/src/main/java/org/apache/camel/undertow/spring/boot/UndertowSpringSecurityCustomizer.java
@@ -77,7 +77,8 @@ public class UndertowSpringSecurityCustomizer implements 
ComponentCustomizer {
 
     @Override
     public int getOrder() {
-        return 0;
+        // must run before regular customizers
+        return -1;
     }
 
     @EnableWebSecurity
@@ -90,15 +91,11 @@ public class UndertowSpringSecurityCustomizer implements 
ComponentCustomizer {
 
         @Override
         protected void configure(HttpSecurity http) throws Exception {
-            http
-                    
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                    .and()
-                    .authorizeRequests()
-                    .anyRequest().authenticated()
-                    .and()
-                    .oauth2ResourceServer()
-                    .jwt()
-                    
.jwtAuthenticationConverter(getProvider().getJwtAuthenticationConverter());
+            
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and().authorizeRequests()
+                .anyRequest().authenticated()
+                .and().oauth2ResourceServer()
+                
.jwt().jwtAuthenticationConverter(getProvider().getJwtAuthenticationConverter());
         }
     }

[camel-spring-boot] branch master updated: CAMEL-1750: Ensure undertow security customizer is run before regular customizers. Thanks to Dietrich Schulten for reporting and suggested fix.

Reply via email to