Updated security config
This commit is contained in:
parent
2a2844afcc
commit
42f8978d06
@ -20,14 +20,17 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||||
|
|
||||||
|
import lombok.RequiredArgsConstructor;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
|
@RequiredArgsConstructor
|
||||||
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private MyUserDetailsService myUserDetailsService;
|
private final MyUserDetailsService myUserDetailsService;
|
||||||
@Autowired
|
@Autowired
|
||||||
private PasswordEncoder passwordEncoder;
|
private final PasswordEncoder passwordEncoder;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Bean
|
@Bean
|
||||||
@ -37,7 +40,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public AuthenticationProvider authenticationProvider() {
|
public AuthenticationProvider authenticationProvider() {
|
||||||
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
|
final DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
|
||||||
provider.setUserDetailsService(myUserDetailsService);
|
provider.setUserDetailsService(myUserDetailsService);
|
||||||
provider.setPasswordEncoder(passwordEncoder);
|
provider.setPasswordEncoder(passwordEncoder);
|
||||||
return provider;
|
return provider;
|
||||||
@ -50,80 +53,76 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@Order(1)
|
@Order(1)
|
||||||
|
@RequiredArgsConstructor
|
||||||
public static class ApiWebSecurity extends WebSecurityConfigurerAdapter {
|
public static class ApiWebSecurity extends WebSecurityConfigurerAdapter {
|
||||||
@Autowired
|
@Autowired
|
||||||
private RESTAuthenticationEntryPoint authenticationEntryPoint;
|
private final RESTAuthenticationEntryPoint authenticationEntryPoint;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private CustomBasicAuthenticationFilter customBasicAuthFilter;
|
private final CustomBasicAuthenticationFilter customBasicAuthFilter;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private TokenAuthenticationFilter tokenFilter;
|
private final TokenAuthenticationFilter tokenFilter;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
protected void configure(final HttpSecurity http) throws Exception {
|
||||||
http.csrf().disable().exceptionHandling()
|
http.csrf().disable().exceptionHandling()
|
||||||
|
|
||||||
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
|
.and().sessionManagement()
|
||||||
// .cors().and()
|
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
||||||
|
.and()
|
||||||
|
// .cors().and()
|
||||||
.antMatcher("/api/**").authorizeRequests()
|
.antMatcher("/api/**").authorizeRequests()
|
||||||
.antMatchers("/api/chat/**").hasAnyRole("USER", "ADMIN", "SUPER_USER")
|
.antMatchers("/api/chat/**")
|
||||||
|
.hasAnyRole("USER", "ADMIN", "SUPER_USER")
|
||||||
|
.antMatchers("/api/admin/**")
|
||||||
|
.hasAnyRole("ADMIN", "SUPER_USER")
|
||||||
.antMatchers("/api/demo/**").hasRole("SUPER_USER")
|
.antMatchers("/api/demo/**").hasRole("SUPER_USER")
|
||||||
// .antMatchers("/perform-login").permitAll()
|
.anyRequest().authenticated().and().httpBasic()
|
||||||
|
.authenticationEntryPoint(authenticationEntryPoint).and()
|
||||||
.anyRequest()
|
.addFilterBefore(tokenFilter,
|
||||||
// .hasAnyRole("USER", "ADMIN", "SUPER_USER")
|
BasicAuthenticationFilter.class)
|
||||||
.authenticated()
|
// Creating token when basic authentication is successful
|
||||||
.and().httpBasic().authenticationEntryPoint(authenticationEntryPoint)
|
// and the
|
||||||
;
|
// same token can
|
||||||
|
|
||||||
http.addFilterBefore(tokenFilter, BasicAuthenticationFilter.class);
|
|
||||||
|
|
||||||
// Creating token when basic authentication is successful and the same token can
|
|
||||||
// be used to authenticate for further requests
|
// be used to authenticate for further requests
|
||||||
// final CustomBasicAuthenticationFilter customBasicAuthFilter = new CustomBasicAuthenticationFilter(
|
.addFilter(customBasicAuthFilter);
|
||||||
// authenticationManagerBean());
|
|
||||||
http.addFilter(customBasicAuthFilter);
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@Order(2)
|
@Order(2)
|
||||||
|
@RequiredArgsConstructor
|
||||||
public static class FormWebSecurity extends WebSecurityConfigurerAdapter {
|
public static class FormWebSecurity extends WebSecurityConfigurerAdapter {
|
||||||
@Autowired
|
@Autowired
|
||||||
private UserSessionLoggingLoginSuccessHandler loginSuccessHandler;
|
private final UserSessionLoggingLoginSuccessHandler loginSuccessHandler;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private UserSessionLoggingLogoutSuccessHandler logoutSuccessHandler;
|
private final UserSessionLoggingLogoutSuccessHandler logoutSuccessHandler;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity httpSecurity) throws Exception {
|
protected void configure(final HttpSecurity httpSecurity)
|
||||||
httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
|
throws Exception {
|
||||||
|
httpSecurity.sessionManagement()
|
||||||
|
.sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
|
||||||
|
|
||||||
.authorizeRequests()
|
.authorizeRequests()
|
||||||
// .antMatchers(HttpMethod.POST, "/api/**").permitAll()
|
.antMatchers("/", "perform_login", "/logout**",
|
||||||
.antMatchers("/", "perform_login", "/logout**", "/favicon.ico", "/login*", "/registration",
|
"/favicon.ico", "/login*", "/registration",
|
||||||
"/perform_registration", "/css/**", "/js/**", "/img/**")
|
"/perform_registration", "/css/**", "/js/**",
|
||||||
.permitAll()
|
"/img/**")
|
||||||
// .antMatchers("/","/api**","/api/**","/login*","/registration","/perform_registration","/css/**", "/js/**", "/images/**").permitAll()
|
.permitAll().antMatchers("/user/**")
|
||||||
.antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER").antMatchers("/admin/**")
|
.hasAnyRole("USER", "ADMIN", "SUPER_USER")
|
||||||
.hasAnyRole("ADMIN", "SUPER_USER")
|
.antMatchers("/admin/**").hasAnyRole("ADMIN", "SUPER_USER")
|
||||||
// .and()
|
|
||||||
// .antMatcher("/api/**")
|
|
||||||
// .authorizeRequests()
|
|
||||||
.anyRequest().authenticated()
|
.anyRequest().authenticated()
|
||||||
|
|
||||||
.and()
|
.and()
|
||||||
|
|
||||||
.formLogin().loginPage("/login").permitAll().loginProcessingUrl("/perform_login")
|
.formLogin().loginPage("/login").permitAll()
|
||||||
|
.loginProcessingUrl("/perform_login")
|
||||||
.successHandler(loginSuccessHandler).and().logout()
|
.successHandler(loginSuccessHandler).and().logout()
|
||||||
.logoutSuccessHandler(logoutSuccessHandler)
|
.logoutSuccessHandler(logoutSuccessHandler);
|
||||||
;
|
|
||||||
}
|
}
|
||||||
// }
|
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user