source: src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java@ 950fa0d

Last change on this file since 950fa0d was 950fa0d, checked in by Gjoko Kostadinov <gjoko.kostadinov@…>, 13 months ago

Periodic update
  • Property mode set to 100644
File size: 4.0 KB
Line 
1package edu.gjoko.schedlr.config;
2
3import edu.gjoko.schedlr.services.PostgresUserDetailsService;
4import lombok.AllArgsConstructor;
5import org.springframework.context.annotation.Bean;
6import org.springframework.context.annotation.Configuration;
7import org.springframework.security.authentication.AuthenticationManager;
8import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
9import org.springframework.security.config.annotation.web.builders.HttpSecurity;
10import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
11import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
12import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
13import org.springframework.security.web.authentication.AuthenticationFailureHandler;
14import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
15import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
16import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
17import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
18import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
19
20import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.*;
21
22@Configuration
23@EnableWebSecurity
24@AllArgsConstructor
25public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
26
27 private static final ClearSiteDataHeaderWriter.Directive[] SOURCE =
28 {CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS};
29
30 private final PostgresUserDetailsService userDetailsService;
31
32 private final BCryptPasswordEncoder passwordEncoder;
33
34 private final AuthenticationSuccessHandler authenticationSuccessHandler;
35
36 private final AuthenticationFailureHandler authenticationFailureHandler;
37
38 @Bean
39 public AuthenticationManager customAuthenticationManager() throws Exception {
40 return authenticationManager();
41 }
42
43 @Override
44 protected void configure(AuthenticationManagerBuilder auth) throws Exception {
45 auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
46 }
47
48 @Override
49 protected void configure(HttpSecurity http) throws Exception {
50 http.csrf()
51 .disable()
52 .httpBasic()
53 .authenticationEntryPoint(new AppAuthenticationEntryPoint())
54 .and()
55 .addFilterAfter(new AppFilter(userDetailsService), BasicAuthenticationFilter.class)
56 .formLogin()
57 .loginPage("/login")
58 .loginProcessingUrl("/login")
59 .successHandler(authenticationSuccessHandler)
60 .failureHandler(authenticationFailureHandler)
61 .defaultSuccessUrl("/homepage")
62 .and()
63 .logout(logout -> logout
64 .logoutUrl("/logout")
65 .logoutSuccessUrl("/login")
66 .addLogoutHandler(new SecurityContextLogoutHandler())
67 .addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE))))
68 .authorizeRequests()
69 .antMatchers("/login").permitAll()
70 .antMatchers("/logout").permitAll()
71 .antMatchers("/register_customer").permitAll()
72 .antMatchers("/register_business").permitAll()
73 .antMatchers("/api/nomenclatures/*").permitAll()
74 .antMatchers("/api/user/me").permitAll()
75 .antMatchers("/api/business").permitAll()
76 .antMatchers("/api/appointment").permitAll()
77 .antMatchers("/homepage").permitAll()
78 .antMatchers("/css/**").permitAll()
79 .antMatchers("/js/**").permitAll()
80 .antMatchers("/anonymous*").anonymous()
81 .anyRequest()
82 .fullyAuthenticated();
83 }
84}
Note: See TracBrowser for help on using the repository browser.