Package org.andidev.applicationname.config

Source Code of org.andidev.applicationname.config.SpringSecurityConfig

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
package org.andidev.applicationname.config;

import javax.inject.Inject;
import org.andidev.applicationname.config.logging.MDCUsernameInsertingFilter;
import org.andidev.applicationname.config.springsecurity.CustomWebSecurityExpressionHandler;
import org.andidev.applicationname.config.springsecurity.SpringDataTokenRepositoryImpl;
import org.andidev.applicationname.config.springsecurity.UserDetailsServiceAnonymousAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    static final String REMEMBER_ME_KEY = "78780c25-1849-4796-a79c-0f4326f32dfd";

    @Inject
    UserDetailsService userDetailService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(userDetailService)
                .passwordEncoder(passwordEncoder());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
            .expressionHandler(webSecurityExpressionHandler())
            .ignoring()
                .antMatchers("/resources/**")
                .antMatchers("/resources-*/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .headers() // TODO: (REWRITE) This enables opening javamelody in an iframe, see https://jira.spring.io/browse/SEC-2501 and https://jira.spring.io/browse/SPR-11496
                .addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN))
                .and()
            .requiresChannel()
                .anyRequest().requiresSecure()
                .and()
            .authorizeRequests()
                .expressionHandler(webSecurityExpressionHandler())
                .antMatchers("/database/**").access("hasRole('ROLE_DEVELOPER') and !isProductionEnvironment()")
                .antMatchers("/javamelody/**").access("hasRole('ROLE_DEVELOPER')")
                .and()
            .formLogin()
                .loginPage("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .failureUrl("/login/failure")
                .defaultSuccessUrl("/login/success")
                .and()
            .logout()
                .logoutUrl("/normallogout")
                .logoutSuccessUrl("/logout/success")
                .invalidateHttpSession(true)
                .and()
            .rememberMe()
                .tokenRepository(springDataTokenRepository())
                .useSecureCookie(true)
                .and()
            .exceptionHandling()
                .accessDeniedPage("/accessdenied")
                .and()
            .anonymous().disable()
            .addFilterBefore(anonymousAuthenticationFilter(), AnonymousAuthenticationFilter.class)
            .addFilter(switchUserFilter())
            .addFilterAfter(mdcUsernameInsertingFilter(), SecurityContextPersistenceFilter.class)
            .authorizeRequests()
                .expressionHandler(webSecurityExpressionHandler())
                .antMatchers("/switchuserto").hasRole("ROOT")
                .and()
            .csrf().disable()
            .httpBasic();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        return passwordEncoder;
    }

    @Bean
    public UserDetailsServiceAnonymousAuthenticationFilter anonymousAuthenticationFilter() {
        UserDetailsServiceAnonymousAuthenticationFilter anonymousAuthenticationFilter = new UserDetailsServiceAnonymousAuthenticationFilter(userDetailService);
        return anonymousAuthenticationFilter;
    }

    @Bean
    public SwitchUserFilter switchUserFilter() {
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setUserDetailsService(userDetailService);
        switchUserFilter.setTargetUrl("/");
        switchUserFilter.setSwitchUserUrl("/switchuserto");
        switchUserFilter.setUsernameParameter("username");
        switchUserFilter.setExitUserUrl("/switchuserlogout");
        return switchUserFilter;
    }

    @Bean
    public MDCUsernameInsertingFilter mdcUsernameInsertingFilter() {
        MDCUsernameInsertingFilter mdcUsernameInsertingFilter = new MDCUsernameInsertingFilter();
        return mdcUsernameInsertingFilter;
    }

    @Bean
    public SpringDataTokenRepositoryImpl springDataTokenRepository() {
        SpringDataTokenRepositoryImpl springDataTokenRepository = new SpringDataTokenRepositoryImpl();
        return springDataTokenRepository;
    }

    @Bean
    public RememberMeAuthenticationProvider rememberMeAuthenticationProvider() {
        RememberMeAuthenticationProvider rememberMeAuthenticationProvider = new RememberMeAuthenticationProvider(REMEMBER_ME_KEY);
        return rememberMeAuthenticationProvider;
    }

    @Bean
    public CustomWebSecurityExpressionHandler webSecurityExpressionHandler() {
        CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler = new CustomWebSecurityExpressionHandler();
        return customWebSecurityExpressionHandler;
    }
}
TOP

Related Classes of org.andidev.applicationname.config.SpringSecurityConfig

  • org.andidev.applicationname.config.logging.MDCUsernameInsertingFilter
  • org.andidev.applicationname.config.springsecurity.CustomWebSecurityExpressionHandler
  • org.andidev.applicationname.config.springsecurity.SpringDataTokenRepositoryImpl
  • org.andidev.applicationname.config.springsecurity.UserDetailsServiceAnonymousAuthenticationFilter
  • org.springframework.security.authentication.RememberMeAuthenticationProvider
  • org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
  • org.springframework.security.web.authentication.switchuser.SwitchUserFilter
  • org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.