Timestamp:
10/17/22 00:30:31 (2 years ago)
Author:
Gjoko <goko_kostadinov@…>
Branches:
master
Children:
204464d
Parents:
cf9cdbf
Message:

Fixing security configuration

Location:
src/main/java/edu/gjoko/schedlr/config
Files:
1 added
2 edited

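--- a/src/main/java/edu/gjoko/schedlr/config/AppFilter.java
+++ b/src/main/java/edu/gjoko/schedlr/config/AppFilter.java
@@ -25,6 +25,7 @@
         if(session != null) {
             Map<String, String> roleTargetUrlMap = new HashMap<>();
-            roleTargetUrlMap.put("DATE", "/date");
-            roleTargetUrlMap.put("GUESS_NUMBER", "/number");
+            roleTargetUrlMap.put("ADMIN", "/date");
+            roleTargetUrlMap.put("CUSTOMER", "/number");
+            roleTargetUrlMap.put("BUSINESS_OWNER", "");
             SecurityContextImpl sci = (SecurityContextImpl) session.getAttribute("SPRING_SECURITY_CONTEXT");
             if(sci != null) {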
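Review bot: `roleTargetUrlMap.put("BUSINESS_OWNER", "")` gives the new role an empty target, and `ADMIN` / `CUSTOMER` inherit `/date` and `/number` from the roles they replace, which reads like leftover sample routing. How the map is consumed is outside this hunk, but if it drives a post-login redirect or a per-role path check, an empty string is ambiguous; I would either give the role an explicit landing path or add a comment such as `// BUSINESS_OWNER has no dedicated landing page yet; treated as "no redirect"`. The map content is constant, so it could also live in a `private static final Map<String, String>` instead of being rebuilt each time this branch runs. The enclosing method starts before and ends after the hunk.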
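--- a/src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java
+++ b/src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java
@@ -1,31 +1,55 @@
 package edu.gjoko.schedlr.config;
 
+import edu.gjoko.schedlr.services.PostgresUserDetailsService;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.core.GrantedAuthorityDefaults;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
-import org.springframework.security.provisioning.UserDetailsManager;
-import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
 @Configuration
-public class AppSecurityConfig {
+@EnableWebSecurity
+public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    private final PostgresUserDetailsService userDetailsService;
+
+    private final BCryptPasswordEncoder passwordEncoder;
+
+    private final AuthenticationSuccessHandler authenticationSuccessHandler;
+
+    public AppSecurityConfig(PostgresUserDetailsService userDetailsService, BCryptPasswordEncoder passwordEncoder,
+                             AuthenticationSuccessHandler authenticationSuccessHandler) {
+        this.userDetailsService = userDetailsService;
+        this.passwordEncoder = passwordEncoder;
+        this.authenticationSuccessHandler = authenticationSuccessHandler;
+    }
 
     @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
-                .csrf()
+    public AuthenticationManager customAuthenticationManager() throws Exception {
+        return authenticationManager();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf()
                 .disable()
-                .authorizeRequests(urlRegistry -> urlRegistry
-                        .antMatchers("/login*").permitAll()
-                        .antMatchers("/css/**").permitAll()
-                        .antMatchers("/anonymous*").permitAll()
-                        .anyRequest()
-                        .fullyAuthenticated()
-                )
+                .authorizeRequests()
+                .antMatchers("/login*").permitAll()
+                .antMatchers("/css/**").permitAll()
+                .antMatchers("/anonymous*").anonymous()
+                .anyRequest()
+                .fullyAuthenticated()
+                .and()
                 .httpBasic()
                 .authenticationEntryPoint(new AppAuthenticationEntryPoint())
@@ -35,23 +59,5 @@
                 .loginPage("/login")
                 .loginProcessingUrl("/login")
-                .successHandler(new AppAuthenticationSuccessHandler());
-
-        return http.build();
+                .successHandler(authenticationSuccessHandler);
     }
-
-    @Bean
-    public UserDetailsManager userDetailsService() {
-        return null;
-    }
-
-    @Bean
-    public BCryptPasswordEncoder bCryptPasswordEncoder() {
-        return new BCryptPasswordEncoder();
-    }
-
-    @Bean
-    public GrantedAuthorityDefaults grantedAuthorityDefaults() {
-        return new GrantedAuthorityDefaults("");
-    }
-
 }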
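Review bot: CSRF protection stays switched off in the rewritten `configure(HttpSecurity)` (`http.csrf()` followed by `.disable()`) even though the chain authenticates through a session-backed login page (`.loginPage("/login")`), so state-changing requests sent by an authenticated browser get no token check. Unless every client is a non-browser API consumer, I would drop those two calls and start the chain with `http.authorizeRequests()`, rendering the CSRF token in the login form and any other POST forms. Separately, the constructor now requires a `BCryptPasswordEncoder` bean while `bCryptPasswordEncoder()` is deleted from this class in the second hunk, and the `GrantedAuthorityDefaults("")` bean goes with it (leaving its import unused). Presumably both move to the added file that is not shown on this page; that is worth confirming, because without the second bean role checks expect the `ROLE_` prefix again. The rows between the two hunks are not shown here.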