A self hosted chat application with end-to-end encrypted messaging.

package org.ros.chatto;
import org.ros.chatto.logged.UserSessionLoggingLoginSuccessHandler;
import org.ros.chatto.logged.UserSessionLoggingLogoutSuccessHandler;
import org.ros.chatto.security.CustomBasicAuthenticationFilter;
import org.ros.chatto.security.MyUserDetailsService;
import org.ros.chatto.security.TokenAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import lombok.RequiredArgsConstructor;
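/**
 * Spring Security configuration for the Chatto application.
 *
 * <p>Two ordered {@link WebSecurityConfigurerAdapter}s split the application in half:
 * {@link ApiWebSecurity} (order 1) claims {@code /api/**} and authenticates statelessly
 * with a token or HTTP Basic credentials, while {@link FormWebSecurity} (order 2) covers
 * every other request with a session-backed login form. The outer class only declares the
 * authentication beans the two chains share.
 *
 * <p>Dependencies are supplied through the Lombok-generated constructor
 * ({@code @RequiredArgsConstructor} over the {@code final} fields); the field-level
 * {@code @Autowired} annotations are redundant with that and are retained only so the
 * injection points stay visible to readers.
 */
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private final MyUserDetailsService myUserDetailsService;
    @Autowired
    private final PasswordEncoder passwordEncoder;

    /**
     * Exposes the {@link AuthenticationManager} assembled by this adapter as a bean so it
     * can be injected elsewhere in the application context.
     *
     * @return the adapter's authentication manager
     * @throws Exception propagated from the underlying builder
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Database-backed authentication: user records are loaded through
     * {@link MyUserDetailsService} and the presented password is checked with the
     * configured {@link PasswordEncoder}.
     *
     * @return a {@link DaoAuthenticationProvider} bound to the user store and the encoder
     */
    @Bean
    public AuthenticationProvider authenticationProvider() {
        final DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(myUserDetailsService);
        provider.setPasswordEncoder(passwordEncoder);
        return provider;
    }

    /**
     * Password hashing for stored credentials.
     *
     * <p>Declared {@code static} so the bean can be created before this configuration class
     * itself is instantiated; the class needs the encoder through its own constructor, so an
     * instance method here would be a circular dependency.
     *
     * @return a {@link BCryptPasswordEncoder} using its default work factor
     */
    @Bean
    public static PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Filter chain for the REST API ({@code /api/**}), evaluated first.
     *
     * <p>The chain is stateless: no HTTP session is created and CSRF protection is turned
     * off. Disabling CSRF is only safe while no cookie-based authentication is accepted on
     * these paths — every request must carry a token or HTTP Basic credentials explicitly.
     * Unauthenticated requests are answered by {@link RESTAuthenticationEntryPoint} rather
     * than a redirect to the login page.
     */
    @Configuration
    @Order(1)
    @RequiredArgsConstructor
    public static class ApiWebSecurity extends WebSecurityConfigurerAdapter {

        @Autowired
        private final RESTAuthenticationEntryPoint authenticationEntryPoint;
        @Autowired
        private final CustomBasicAuthenticationFilter customBasicAuthFilter;
        @Autowired
        private final TokenAuthenticationFilter tokenFilter;

        /**
         * Authorisation rules for the API: {@code /api/chat/**} needs USER, ADMIN or
         * SUPER_USER, {@code /api/admin/**} needs ADMIN or SUPER_USER, {@code /api/demo/**}
         * needs SUPER_USER, and anything else under {@code /api/**} merely has to be
         * authenticated.
         *
         * @param http builder for this adapter's filter chain
         * @throws Exception propagated from the {@link HttpSecurity} builder
         */
        @Override
        protected void configure(final HttpSecurity http) throws Exception {
            http.csrf().disable()
                .exceptionHandling().and()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .antMatcher("/api/**")
                .authorizeRequests()
                    .antMatchers("/api/chat/**").hasAnyRole("USER", "ADMIN", "SUPER_USER")
                    .antMatchers("/api/admin/**").hasAnyRole("ADMIN", "SUPER_USER")
                    .antMatchers("/api/demo/**").hasRole("SUPER_USER")
                    .anyRequest().authenticated().and()
                .httpBasic()
                    .authenticationEntryPoint(authenticationEntryPoint).and()
                // The token filter sits in front of HTTP Basic so a previously issued token
                // authenticates the request without the credentials being sent again.
                .addFilterBefore(tokenFilter, BasicAuthenticationFilter.class)
                // Issues a token once basic authentication succeeds; that token is what the
                // token filter above accepts on subsequent requests.
                .addFilter(customBasicAuthFilter);
        }
    }

    /**
     * Filter chain for the browser UI, evaluated after {@link ApiWebSecurity} and matching
     * every request the API chain did not claim.
     *
     * <p>Uses a server-side session ({@link SessionCreationPolicy#ALWAYS}) with form login at
     * {@code /login}; successful logins and logouts are reported to the session-logging
     * handlers. CSRF protection is left at Spring Security's default (enabled) for this chain.
     */
    @Configuration
    @Order(2)
    @RequiredArgsConstructor
    public static class FormWebSecurity extends WebSecurityConfigurerAdapter {

        @Autowired
        private final UserSessionLoggingLoginSuccessHandler loginSuccessHandler;
        @Autowired
        private final UserSessionLoggingLogoutSuccessHandler logoutSuccessHandler;

        /**
         * Paths reachable without a login: the landing page, login/logout and registration
         * endpoints, and static assets. Ant patterns are compared against the full request
         * path, which always starts with {@code /}; the login-processing entry previously
         * read {@code "perform_login"} without the slash and therefore never matched (it was
         * still reachable only because {@code formLogin().permitAll()} opens the processing
         * URL on its own).
         */
        private static final String[] PUBLIC_PATHS = {
            "/", "/perform_login", "/logout**", "/favicon.ico", "/login*", "/registration",
            "/perform_registration", "/css/**", "/js/**", "/img/**"
        };

        /**
         * Authorisation rules for the UI: {@link #PUBLIC_PATHS} are open, {@code /user/**}
         * needs USER, ADMIN or SUPER_USER, {@code /admin/**} needs ADMIN or SUPER_USER, and
         * everything else needs an authenticated session.
         *
         * @param httpSecurity builder for this adapter's filter chain
         * @throws Exception propagated from the {@link HttpSecurity} builder
         */
        @Override
        protected void configure(final HttpSecurity httpSecurity) throws Exception {
            httpSecurity.sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
                .authorizeRequests()
                    .antMatchers(PUBLIC_PATHS).permitAll()
                    .antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER")
                    .antMatchers("/admin/**").hasAnyRole("ADMIN", "SUPER_USER")
                    .anyRequest().authenticated().and()
                .formLogin()
                    .loginPage("/login").permitAll()
                    .loginProcessingUrl("/perform_login")
                    .successHandler(loginSuccessHandler).and()
                .logout()
                    .logoutSuccessHandler(logoutSuccessHandler);
        }
    }
}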