55 lines
2.5 KiB
Java
55 lines
2.5 KiB
Java
package pl.adaptiveapps.serviceexternalserver.config;
|
|
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.http.HttpMethod;
|
|
import org.springframework.security.authentication.AuthenticationManager;
|
|
import org.springframework.security.authentication.ProviderManager;
|
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
|
import pl.adaptiveapps.serviceexternalserver.auth.ExtTokenAuthenticationProvider;
|
|
import pl.adaptiveapps.serviceexternalserver.auth.ExtTokenAuthenticationTokenFilter;
|
|
|
|
import java.util.Collections;
|
|
|
|
@Configuration
|
|
@EnableWebSecurity
|
|
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
|
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
|
private final ExtTokenAuthenticationProvider extTokenAuthenticationProvider;
|
|
|
|
public SecurityConfig(ExtTokenAuthenticationProvider extTokenAuthenticationProvider) {
|
|
this.extTokenAuthenticationProvider = extTokenAuthenticationProvider;
|
|
}
|
|
|
|
@Override
|
|
protected AuthenticationManager authenticationManager() {
|
|
return new ProviderManager(Collections.singletonList(extTokenAuthenticationProvider));
|
|
}
|
|
|
|
private ExtTokenAuthenticationTokenFilter authenticationTokenFilterBean() {
|
|
ExtTokenAuthenticationTokenFilter authenticationTokenFilter = new ExtTokenAuthenticationTokenFilter();
|
|
authenticationTokenFilter.setAuthenticationManager(authenticationManager());
|
|
authenticationTokenFilter.setAuthenticationSuccessHandler((request, response, authentication) -> {
|
|
});
|
|
return authenticationTokenFilter;
|
|
}
|
|
|
|
@Override
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
http
|
|
.csrf().disable()
|
|
.authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll()
|
|
.antMatchers("/**").authenticated()
|
|
.and()
|
|
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
|
http
|
|
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
|
|
}
|
|
|
|
}
|