diff --git a/application/src/main/java/run/halo/app/security/CorsConfigurer.java b/application/src/main/java/run/halo/app/security/CorsConfigurer.java index 8584fb228..dc91f2179 100644 --- a/application/src/main/java/run/halo/app/security/CorsConfigurer.java +++ b/application/src/main/java/run/halo/app/security/CorsConfigurer.java @@ -2,6 +2,7 @@ package run.halo.app.security; import com.google.common.net.HttpHeaders; import java.util.List; +import org.springframework.core.annotation.Order; import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.stereotype.Component; import org.springframework.web.cors.CorsConfiguration; @@ -10,6 +11,7 @@ import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource; import run.halo.app.security.authentication.SecurityConfigurer; @Component +@Order(0) public class CorsConfigurer implements SecurityConfigurer { @Override public void configure(ServerHttpSecurity http) { diff --git a/application/src/main/java/run/halo/app/security/CsrfConfigurer.java b/application/src/main/java/run/halo/app/security/CsrfConfigurer.java index 75d37cb20..2d86cc31f 100644 --- a/application/src/main/java/run/halo/app/security/CsrfConfigurer.java +++ b/application/src/main/java/run/halo/app/security/CsrfConfigurer.java @@ -2,6 +2,7 @@ package run.halo.app.security; import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers; +import org.springframework.core.annotation.Order; import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository; import org.springframework.security.web.server.csrf.CsrfWebFilter; @@ -12,6 +13,7 @@ import org.springframework.stereotype.Component; import run.halo.app.security.authentication.SecurityConfigurer; @Component +@Order(0) class CsrfConfigurer implements SecurityConfigurer { @Override diff --git a/application/src/main/java/run/halo/app/security/ExceptionSecurityConfigurer.java b/application/src/main/java/run/halo/app/security/ExceptionSecurityConfigurer.java index 940b232e4..85a762e57 100644 --- a/application/src/main/java/run/halo/app/security/ExceptionSecurityConfigurer.java +++ b/application/src/main/java/run/halo/app/security/ExceptionSecurityConfigurer.java @@ -5,6 +5,7 @@ import static org.springframework.security.web.server.util.matcher.ServerWebExch import java.util.ArrayList; import org.springframework.context.MessageSource; +import org.springframework.core.annotation.Order; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; import org.springframework.security.config.web.server.ServerHttpSecurity; @@ -21,6 +22,7 @@ import run.halo.app.security.authentication.SecurityConfigurer; import run.halo.app.security.authentication.twofactor.TwoFactorAuthenticationEntryPoint; @Component +@Order(0) public class ExceptionSecurityConfigurer implements SecurityConfigurer { private final MessageSource messageSource; diff --git a/application/src/main/java/run/halo/app/security/LogoutSecurityConfigurer.java b/application/src/main/java/run/halo/app/security/LogoutSecurityConfigurer.java index f7b116087..b8254dead 100644 --- a/application/src/main/java/run/halo/app/security/LogoutSecurityConfigurer.java +++ b/application/src/main/java/run/halo/app/security/LogoutSecurityConfigurer.java @@ -7,6 +7,7 @@ import java.util.Map; import lombok.RequiredArgsConstructor; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; +import org.springframework.core.annotation.Order; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.security.config.web.server.ServerHttpSecurity; @@ -31,6 +32,7 @@ import run.halo.app.theme.router.ModelConst; @Component @RequiredArgsConstructor +@Order(0) public class LogoutSecurityConfigurer implements SecurityConfigurer { private final RememberMeServices rememberMeServices; private final ApplicationContext applicationContext; diff --git a/application/src/main/java/run/halo/app/security/SecurityWebFiltersConfigurer.java b/application/src/main/java/run/halo/app/security/SecurityWebFiltersConfigurer.java index 52a5e1e8d..bb134c9f3 100644 --- a/application/src/main/java/run/halo/app/security/SecurityWebFiltersConfigurer.java +++ b/application/src/main/java/run/halo/app/security/SecurityWebFiltersConfigurer.java @@ -24,7 +24,7 @@ import run.halo.app.security.authentication.SecurityConfigurer; @Component // Specific an order here to control the order or security configurer initialization -@Order(-100) +@Order(100) public class SecurityWebFiltersConfigurer implements SecurityConfigurer { private final ExtensionGetter extensionGetter; diff --git a/application/src/main/java/run/halo/app/security/authentication/login/LoginSecurityConfigurer.java b/application/src/main/java/run/halo/app/security/authentication/login/LoginSecurityConfigurer.java index fb49212d8..43296e113 100644 --- a/application/src/main/java/run/halo/app/security/authentication/login/LoginSecurityConfigurer.java +++ b/application/src/main/java/run/halo/app/security/authentication/login/LoginSecurityConfigurer.java @@ -3,6 +3,7 @@ package run.halo.app.security.authentication.login; import io.github.resilience4j.ratelimiter.RateLimiterRegistry; import io.micrometer.observation.ObservationRegistry; import org.springframework.context.MessageSource; +import org.springframework.core.annotation.Order; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.ObservationReactiveAuthenticationManager; import org.springframework.security.authentication.ReactiveAuthenticationManager; @@ -28,6 +29,7 @@ import run.halo.app.security.authentication.SecurityConfigurer; import run.halo.app.security.authentication.twofactor.TwoFactorAuthentication; @Component +@Order(0) public class LoginSecurityConfigurer implements SecurityConfigurer { private final ObservationRegistry observationRegistry; diff --git a/application/src/main/java/run/halo/app/security/authentication/oauth2/OAuth2SecurityConfigurer.java b/application/src/main/java/run/halo/app/security/authentication/oauth2/OAuth2SecurityConfigurer.java index d4bf79f44..0f25d6883 100644 --- a/application/src/main/java/run/halo/app/security/authentication/oauth2/OAuth2SecurityConfigurer.java +++ b/application/src/main/java/run/halo/app/security/authentication/oauth2/OAuth2SecurityConfigurer.java @@ -1,5 +1,6 @@ package run.halo.app.security.authentication.oauth2; +import org.springframework.core.annotation.Order; import org.springframework.security.config.web.server.SecurityWebFiltersOrder; import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.core.userdetails.ReactiveUserDetailsService; @@ -15,6 +16,7 @@ import run.halo.app.security.authentication.SecurityConfigurer; * @since 2.20.0 */ @Component +@Order(0) class OAuth2SecurityConfigurer implements SecurityConfigurer { private final ServerSecurityContextRepository securityContextRepository; diff --git a/application/src/main/java/run/halo/app/security/authentication/rememberme/RememberMeConfigurer.java b/application/src/main/java/run/halo/app/security/authentication/rememberme/RememberMeConfigurer.java index 97cbc683c..7e2dbf058 100644 --- a/application/src/main/java/run/halo/app/security/authentication/rememberme/RememberMeConfigurer.java +++ b/application/src/main/java/run/halo/app/security/authentication/rememberme/RememberMeConfigurer.java @@ -3,6 +3,7 @@ package run.halo.app.security.authentication.rememberme; import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult; import lombok.RequiredArgsConstructor; +import org.springframework.core.annotation.Order; import org.springframework.security.config.web.server.SecurityWebFiltersOrder; import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.core.context.ReactiveSecurityContextHolder; @@ -13,6 +14,7 @@ import run.halo.app.security.authentication.SecurityConfigurer; @Component @RequiredArgsConstructor +@Order(0) public class RememberMeConfigurer implements SecurityConfigurer { private final RememberMeServices rememberMeServices; diff --git a/application/src/main/java/run/halo/app/security/authentication/twofactor/TwoFactorAuthSecurityConfigurer.java b/application/src/main/java/run/halo/app/security/authentication/twofactor/TwoFactorAuthSecurityConfigurer.java index d392c0fc3..571d49043 100644 --- a/application/src/main/java/run/halo/app/security/authentication/twofactor/TwoFactorAuthSecurityConfigurer.java +++ b/application/src/main/java/run/halo/app/security/authentication/twofactor/TwoFactorAuthSecurityConfigurer.java @@ -2,6 +2,7 @@ package run.halo.app.security.authentication.twofactor; import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers; +import org.springframework.core.annotation.Order; import org.springframework.http.HttpMethod; import org.springframework.security.config.web.server.SecurityWebFiltersOrder; import org.springframework.security.config.web.server.ServerHttpSecurity; @@ -17,6 +18,7 @@ import run.halo.app.security.authentication.twofactor.totp.TotpAuthenticationMan import run.halo.app.security.authentication.twofactor.totp.TotpCodeAuthenticationConverter; @Component +@Order(0) public class TwoFactorAuthSecurityConfigurer implements SecurityConfigurer { private final ServerSecurityContextRepository securityContextRepository;