nova
/
Chatto
1
0
Fork 0
Code Issues 7 Pull Requests Releases Wiki Activity
A self hosted chat application with end-to-end encrypted messaging.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
173 Commits
4 Branches
0 Tags
10 MiB
Tree: 03124a9bd5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '03124a9bd5'
${ noResults }
Chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java

216 lines
7.7 KiB
Raw Normal View History

many changes
5 years ago
Done logic for getting online users and their last active time
5 years ago
transferred token auth files
5 years ago
many changes
5 years ago
transferred token auth files
5 years ago
many changes
5 years ago
zz
5 years ago
transferred token auth files
5 years ago
many changes
5 years ago
add bootstrap to web front-end
5 years ago
many changes
5 years ago
transferred token auth files
5 years ago
many changes
5 years ago
zz
5 years ago
transferred token auth files
5 years ago
many changes
5 years ago
zz
5 years ago
many changes
5 years ago
zz
5 years ago
many changes
5 years ago
zz
5 years ago
add bootstrap to web front-end
5 years ago
transferred token auth files
5 years ago
add bootstrap to web front-end
5 years ago
zz
5 years ago
add bootstrap to web front-end
5 years ago
zz
5 years ago
change json api demo endpoint to only allow access to super user. Token is now obtained from chat endpoint
5 years ago
add bootstrap to web front-end
5 years ago
change json api demo endpoint to only allow access to super user. Token is now obtained from chat endpoint
5 years ago
zz
5 years ago
change json api demo endpoint to only allow access to super user. Token is now obtained from chat endpoint
5 years ago
zz
5 years ago
initial implementation of registration captcha
5 years ago
zz
5 years ago
transferred token auth files
5 years ago
zz
5 years ago
add bootstrap to web front-end
5 years ago
zz
5 years ago
Done logic for getting online users and their last active time
5 years ago
csrf is enabled again
5 years ago
Done logic for getting online users and their last active time
5 years ago
csrf is enabled again
5 years ago
zz
5 years ago
csrf is enabled again
5 years ago
zz
5 years ago
csrf is enabled again
5 years ago
zz
5 years ago
add bootstrap to web front-end
5 years ago
zz
5 years ago
add bootstrap to web front-end
5 years ago
csrf is enabled again
5 years ago
zz
5 years ago
add bootstrap to web front-end
5 years ago
zz
5 years ago
csrf is enabled again
5 years ago
add bootstrap to web front-end
5 years ago
zz
5 years ago
add bootstrap to web front-end
5 years ago
many changes
5 years ago
csrf is enabled again
5 years ago
add bootstrap to web front-end
5 years ago
many changes
5 years ago
zz
5 years ago
many changes
5 years ago
  1. package org.ros.chatto;
  3. import org.ros.chatto.logged.MyLogoutSuccessHandler;
  4. import org.ros.chatto.logged.MySimpleUrlAuthenticationSuccessHandler;
  5. import org.ros.chatto.security.CustomBasicAuthenticationFilter;
  6. import org.ros.chatto.security.MyUserDetailsService;
  7. import org.ros.chatto.security.TokenAuthenticationFilter;
  8. import org.springframework.beans.factory.annotation.Autowired;
  9. import org.springframework.context.annotation.Bean;
  10. import org.springframework.context.annotation.Configuration;
  11. import org.springframework.core.annotation.Order;
  12. import org.springframework.security.authentication.AuthenticationManager;
  13. import org.springframework.security.authentication.AuthenticationProvider;
  14. import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
  15. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  16. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  17. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  18. import org.springframework.security.config.http.SessionCreationPolicy;
  19. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  20. import org.springframework.security.crypto.password.PasswordEncoder;
  21. import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
  22. import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
  24. @Configuration
  25. @EnableWebSecurity
  26. public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
  28. @Autowired
  29. private AuthenticationSuccessHandler authenticationSuccessHandler;
  30. @Autowired
  31. private MyUserDetailsService myUserDetailsService;
  32. @Autowired
  33. private PasswordEncoder passwordEncoder;
  35. @Override
  36. @Bean
  37. public AuthenticationManager authenticationManagerBean() throws Exception {
  38. return super.authenticationManagerBean();
  39. }
  41. @Bean
  42. public AuthenticationProvider authenticationProvider() {
  43. DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
  44. provider.setUserDetailsService(myUserDetailsService);
  45. provider.setPasswordEncoder(passwordEncoder);
  46. return provider;
  47. }
  49. @Bean
  50. public static PasswordEncoder passwordEncoder() {
  51. return new BCryptPasswordEncoder();
  52. }
  54. @Configuration
  55. @Order(1)
  56. public static class ApiWebSecurity extends WebSecurityConfigurerAdapter {
  57. @Autowired
  58. private RESTAuthenticationEntryPoint authenticationEntryPoint;
  60. @Autowired
  61. private CustomBasicAuthenticationFilter customBasicAuthFilter;
  63. @Autowired
  64. private TokenAuthenticationFilter tokenFilter;
  66. @Override
  67. protected void configure(HttpSecurity http) throws Exception {
  68. http.csrf().disable().exceptionHandling()
  70. .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
  71. // .cors().and()
  73. .antMatcher("/api/**").authorizeRequests()
  74. .antMatchers("/api/chat/**").hasAnyRole("USER", "ADMIN", "SUPER_USER")
  75. .antMatchers("/api/demo/**").hasRole("SUPER_USER")
  76. // .antMatchers("/perform-login").permitAll()
  78. .anyRequest()
  79. // .hasAnyRole("USER", "ADMIN", "SUPER_USER")
  80. .authenticated()
  81. .and().httpBasic().authenticationEntryPoint(authenticationEntryPoint)
  82. // .and()
  83. // .logout().invalidateHttpSession(true).clearAuthentication(true)
  84. // .logoutRequestMatcher(new AntPathRequestMatcher("/api/perform_logout"))
  85. // .logoutSuccessUrl("/").permitAll()
  86. // .and()
  87. // .formLogin()
  88. // .loginProcessingUrl("/api/perform_login").permitAll()
  89. // .and()
  90. // .formLogin()
  91. // .and()
  92. // .logout();
  93. ;
  95. http.addFilterBefore(tokenFilter, BasicAuthenticationFilter.class);
  97. // Creating token when basic authentication is successful and the same token can
  98. // be used to authenticate for further requests
  99. // final CustomBasicAuthenticationFilter customBasicAuthFilter = new CustomBasicAuthenticationFilter(
  100. // authenticationManagerBean());
  101. http.addFilter(customBasicAuthFilter);
  103. }
  105. // @Override
  106. // protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  107. // auth.eraseCredentials(false);
  108. // }
  109. //
  110. // public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
  111. //
  112. // }
  114. }
  116. @Configuration
  117. @Order(2)
  118. public static class FormWebSecurity extends WebSecurityConfigurerAdapter {
  119. @Autowired
  120. private MySimpleUrlAuthenticationSuccessHandler mySimpleUrlAuthenticationSuccessHandler;
  122. @Autowired
  123. private MyLogoutSuccessHandler myLogoutSuccessHandler;
  125. @Override
  126. protected void configure(HttpSecurity httpSecurity) throws Exception {
  127. httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
  129. .authorizeRequests()
  130. // .antMatchers(HttpMethod.POST, "/api/**").permitAll()
  131. .antMatchers("/", "perform_login", "/logout**", "/favicon.ico", "/login*", "/registration",
  132. "/perform_registration", "/css/**", "/js/**", "/img/**")
  133. .permitAll()
  134. // .antMatchers("/","/api**","/api/**","/login*","/registration","/perform_registration","/css/**", "/js/**", "/images/**").permitAll()
  135. .antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER").antMatchers("/admin/**")
  136. .hasAnyRole("ADMIN", "SUPER_USER")
  137. // .and()
  138. // .antMatcher("/api/**")
  139. // .authorizeRequests()
  140. .anyRequest().authenticated()
  142. .and()
  144. .formLogin().loginPage("/login").permitAll().loginProcessingUrl("/perform_login")
  145. .successHandler(mySimpleUrlAuthenticationSuccessHandler).and().logout()
  146. .logoutSuccessHandler(myLogoutSuccessHandler)
  147. // .failureUrl("/?login_error")
  148. // .and()
  149. // .logout().invalidateHttpSession(true)
  150. // .clearAuthentication(true)
  151. // .logoutRequestMatcher(new AntPathRequestMatcher("/perform_logout"))
  152. // .logoutSuccessUrl("/").permitAll()
  153. // .and().httpBasic();
  154. // .and().cors()
  155. // .and().csrf().disable();
  156. ;
  157. // httpSecurity
  158. // .csrf().disable()
  159. // .authorizeRequests().antMatchers("login").permitAll()
  160. // .anyRequest().authenticated()
  161. // .and()
  162. // .formLogin()
  163. // .loginPage("/login").permitAll()
  164. // .and()
  165. // .logout().invalidateHttpSession(true)
  166. // .clearAuthentication(true)
  167. // .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
  168. // .logoutSuccessUrl("/").permitAll();
  169. }
  170. // @Override
  171. // protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  172. // auth.eraseCredentials(false);
  173. // }
  175. }
  177. // @Override
  178. // protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  179. // auth.eraseCredentials(false);
  180. // }
  182. // @Override
  183. // protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  184. // auth.inMemoryAuthentication()
  185. // .withUser("user")
  186. // .password("{noop}user")
  187. // .roles("USER")
  188. // .and()
  189. // .withUser("admin")
  190. // .password("{noop}admin")
  191. // .roles("ADMIN");
  192. //// auth.userDetailsService(myUserDetailsService);
  193. //
  194. // }
  195. // @Bean
  196. // @Override
  197. // public UserDetailsService userDetailsService(String usern) {
  198. //// UserDetails user =
  199. //// User.withDefaultPasswordEncoder()
  200. //// .username("user")
  201. //// .password("password")
  202. //// .roles("USER")
  203. //// .build();
  204. ////
  205. //// return new InMemoryUserDetailsManager(user);
  206. // myUserDetailsService.loadUserByUsername(username)
  207. //
  208. // }
  209. // @Override
  210. // protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  211. // auth.userDetailsService(myUserDetailsService);
  212. // }
  213. // auth.userDetailsService(myUserDetailsService);
  215. // }
  216. }