package org.ros.chatto;
import org.ros.chatto.logged.MyLogoutSuccessHandler;
import org.ros.chatto.logged.MySimpleUrlAuthenticationSuccessHandler;
import org.ros.chatto.security.CustomBasicAuthenticationFilter;
import org.ros.chatto.security.MyUserDetailsService;
import org.ros.chatto.security.TokenAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
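@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyUserDetailsService myUserDetailsService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Exposes the adapter's {@link AuthenticationManager} as a bean so it can be injected
     * elsewhere (presumably by the custom authentication filter beans wired into
     * {@link ApiWebSecurity}).
     *
     * @return the {@code AuthenticationManager} built by the parent adapter
     * @throws Exception if the parent adapter cannot build the manager
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Username/password authentication backed by {@link MyUserDetailsService}, comparing
     * submitted passwords against stored hashes with the {@link PasswordEncoder} bean.
     * None of the adapters in this file overrides
     * {@code configure(AuthenticationManagerBuilder)}, so this single provider bean is what
     * the global authentication configuration falls back to.
     *
     * @return a {@link DaoAuthenticationProvider} wired with the user details service and encoder
     */
    @Bean
    public AuthenticationProvider authenticationProvider() {
        final DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(myUserDetailsService);
        provider.setPasswordEncoder(passwordEncoder);
        return provider;
    }

    /**
     * Password hashing for stored credentials. Declared {@code static} so Spring can create
     * the encoder without first instantiating this configuration, which itself autowires
     * the encoder (otherwise the two would depend on each other).
     *
     * @return a {@link BCryptPasswordEncoder} with default strength
     */
    @Bean
    public static PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Filter chain for {@code /api/**}, evaluated first because of {@code @Order(1)}.
     * Stateless: no HTTP session is created, every request must carry HTTP Basic credentials
     * or a token, and authentication failures are answered by
     * {@link RESTAuthenticationEntryPoint} rather than a login-page redirect.
     */
    @Configuration
    @Order(1)
    public static class ApiWebSecurity extends WebSecurityConfigurerAdapter {

        @Autowired
        private RESTAuthenticationEntryPoint authenticationEntryPoint;

        // NOTE(review): if these two filters are registered as beans (e.g. @Component), Spring
        // Boot also adds them to the servlet container's own filter chain for every request,
        // independent of this security chain - confirm, and disable that registration if so.
        @Autowired
        private CustomBasicAuthenticationFilter customBasicAuthFilter;

        @Autowired
        private TokenAuthenticationFilter tokenFilter;

        /**
         * Configures the API chain.
         *
         * @param http the builder for this chain
         * @throws Exception propagated from the Spring Security builders
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // CSRF protection is disabled for this chain only. That is acceptable here because
            // the chain is STATELESS and authenticates from the Authorization header / token,
            // not from an ambient session cookie; it must not be relaxed to accept cookies.
            http.csrf().disable()
                .exceptionHandling()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .antMatcher("/api/**")
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .httpBasic().authenticationEntryPoint(authenticationEntryPoint);

            // Token check runs before Basic auth so a valid token short-circuits the credential path.
            http.addFilterBefore(tokenFilter, BasicAuthenticationFilter.class);

            // Creating token when basic authentication is successful and the same token can
            // be used to authenticate for further requests.
            http.addFilter(customBasicAuthFilter);
        }
    }

    /**
     * Filter chain for the browser UI, i.e. every request not claimed by {@link ApiWebSecurity}.
     * Session-backed form login; CSRF protection is left at its default (enabled) because this
     * chain relies on the session cookie for authentication.
     */
    @Configuration
    @Order(2)
    public static class FormWebSecurity extends WebSecurityConfigurerAdapter {

        @Autowired
        private MySimpleUrlAuthenticationSuccessHandler mySimpleUrlAuthenticationSuccessHandler;

        @Autowired
        private MyLogoutSuccessHandler myLogoutSuccessHandler;

        /**
         * Configures the form-login chain.
         *
         * @param httpSecurity the builder for this chain
         * @throws Exception propagated from the Spring Security builders
         */
        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity
                // ALWAYS creates a session for every request, including anonymous and static ones.
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
                .and()
                .authorizeRequests()
                    // Public entry points and static assets. Ant patterns are matched against the
                    // servlet path, which always starts with '/'; the earlier "perform_login"
                    // (no leading slash) could never match. formLogin().permitAll() below also
                    // permits the processing URL, so this is a clarity fix, not a behaviour change.
                    .antMatchers("/", "/perform_login", "/logout**", "/favicon.ico", "/login*",
                            "/registration", "/perform_registration", "/css/**", "/js/**", "/img/**")
                    .permitAll()
                    // First matching rule wins, so role-restricted prefixes precede anyRequest().
                    .antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER")
                    .antMatchers("/admin/**").hasAnyRole("ADMIN", "SUPER_USER")
                    .anyRequest().authenticated()
                .and()
                .formLogin()
                    .loginPage("/login").permitAll()
                    .loginProcessingUrl("/perform_login")
                    .successHandler(mySimpleUrlAuthenticationSuccessHandler)
                .and()
                .logout()
                    .logoutSuccessHandler(myLogoutSuccessHandler);
        }
    }

    // The enclosing adapter overrides no configure(HttpSecurity), so it inherits the default chain
    // at the default (lowest) order; FormWebSecurity above matches every request first, so that
    // default chain is never reached. This class exists to hold the shared beans above.
}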