Fix parsing of access token in get parameter

This is used by nodebb (passport) Fixes #562
FAForever · Feb 17, 2022 · 6de4d18 · 6de4d18
1 parent b901452
commit 6de4d18
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/main/java/com/faforever/api/config/security/WebSecurityConfig.java b/src/main/java/com/faforever/api/config/security/WebSecurityConfig.java
@@ -10,6 +10,7 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -26,6 +27,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
   @Override
   protected void configure(HttpSecurity http) throws Exception {
+    final var bearerTokenResolver = new DefaultBearerTokenResolver();
+    bearerTokenResolver.setAllowUriQueryParameter(true);
+
     // @formatter:off
       http
         .csrf()
@@ -44,6 +48,7 @@ public boolean matches(HttpServletRequest request) {
         .cacheControl().disable()
         .and().formLogin().disable()
         .oauth2ResourceServer()
+          .bearerTokenResolver(bearerTokenResolver)
           .jwt()
           .jwtAuthenticationConverter(new FafAuthenticationConverter())
           .and()