BE - Authenticate API calls from frontend

hmcts · Jan 29, 2024 · edd7669 · edd7669
1 parent 60869f9
commit edd7669
Showing 1 changed file with 6 additions and 17 deletions.
diff --git a/src/main/java/uk/gov/hmcts/opal/authentication/config/SecurityConfig.java b/src/main/java/uk/gov/hmcts/opal/authentication/config/SecurityConfig.java
@@ -14,7 +14,6 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
-import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -42,6 +41,8 @@
 import uk.gov.hmcts.opal.authentication.config.internal.InternalAuthConfigurationProperties;
 import uk.gov.hmcts.opal.authentication.config.internal.InternalAuthConfigurationPropertiesStrategy;
 import uk.gov.hmcts.opal.authentication.config.internal.InternalAuthProviderConfigurationProperties;
+import uk.gov.hmcts.opal.authentication.exception.AuthenticationError;
+import uk.gov.hmcts.opal.exception.OpalApiException;
 
 import java.io.IOException;
 import java.util.List;
@@ -70,7 +71,6 @@ public class SecurityConfig {
         "/health/**",
         "/mappings",
         "/info",
-        "/api/**",
         "/metrics",
         "/metrics/**",
         "/internal-user/login-or-refresh",
@@ -80,25 +80,15 @@ public class SecurityConfig {
     };
 
     @Bean
-    @Order(1)
-    @SuppressWarnings("PMD.SignatureDeclareThrowsException")
-    public SecurityFilterChain patternFilterChain(HttpSecurity http) throws Exception {
-
+    @SuppressWarnings({"PMD.SignatureDeclareThrowsException", "squid:S4502"})
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         applyCommonConfig(http)
             .authorizeHttpRequests(authorize ->
                                        authorize.requestMatchers(PathRequest.toStaticResources().atCommonLocations())
                                            .permitAll()
                                            .requestMatchers(AUTH_WHITELIST)
                                            .permitAll()
-            );
-
-        return http.build();
-    }
-
-    @Bean
-    @SuppressWarnings({"PMD.SignatureDeclareThrowsException", "squid:S4502"})
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        applyCommonConfig(http)
+            )
             .addFilterBefore(new AuthorisationTokenExistenceFilter(), OAuth2LoginAuthenticationFilter.class)
             .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
             .oauth2ResourceServer(oauth2 ->
@@ -154,8 +144,7 @@ protected void doFilterInternal(HttpServletRequest request,
                 return;
             }
 
-            response.sendRedirect(locator.locateAuthenticationConfiguration(req -> fallbackConfiguration).getLoginUri(
-                null).toString());
+            throw new OpalApiException(AuthenticationError.FAILED_TO_OBTAIN_ACCESS_TOKEN);
         }
     }