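package alien4cloud.security.spring;

import java.util.List;
import java.util.Objects;

import javax.annotation.Resource;

import lombok.extern.slf4j.Slf4j;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.ManagementServerProperties;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.social.security.SpringSocialConfigurer;

import alien4cloud.security.AuthorizationUtil;

import com.google.common.collect.Lists;

/**
 * Spring Security configuration used when SAML is disabled ({@code saml.enabled=false}).
 * <p>
 * Wires the Alien4Cloud authentication provider into the authentication manager, delegates the HTTP
 * authorization rules to {@link AuthorizationUtil}, optionally enables Spring Social when the
 * {@code github-auth} profile is active, and excludes static/documentation paths from the security
 * filter chain altogether.
 */
@Slf4j
@Configuration
@ConditionalOnProperty(value = "saml.enabled", havingValue = "false")
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(ManagementServerProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Resource
    private SecurityProperties security;
    @Resource
    private Alien4CloudAccessDeniedHandler accessDeniedHandler;
    @Resource
    private Alien4CloudAuthenticationProvider authenticationProvider;
    @Autowired
    private Environment env;

    /**
     * Exposes the Alien4Cloud authentication provider as a bean so it can be injected above.
     *
     * @return a new {@link Alien4CloudAuthenticationProvider}
     */
    @Bean
    public Alien4CloudAuthenticationProvider authenticationProvider() {
        return new Alien4CloudAuthenticationProvider();
    }

    /**
     * Demo-only authentication provider backed by a fixed in-memory user set.
     * <p>
     * Only registered under the {@code security-demo} profile. Every demo account uses its own
     * username as password (see {@link #getUsers(String[], String[])}) and no {@code PasswordEncoder}
     * is configured on the provider, so the stored credentials are plain text; the profile must
     * never be active on a production deployment, which is why a warning is logged on creation.
     *
     * @return a {@link DaoAuthenticationProvider} over the demo users
     */
    @Bean
    @Profile("security-demo")
    public DaoAuthenticationProvider demoAuthenticationProvider() {
        log.warn("ALIEN 4 CLOUD is Running in DEMO mode. This includes demo users and MUST NOT BE USED in PRODUCTION");
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        // Parallel arrays: roles[i] is the comma-separated authority list of usernames[i].
        List<UserDetails> users = getUsers(
                new String[] { "user", "componentManager", "componentBrowser", "applicationManager", "appManager", "admin", "architect" },
                new String[] { "COMPONENTS_BROWSER", "COMPONENTS_BROWSER, COMPONENTS_MANAGER", "COMPONENTS_BROWSER",
                        "APPLICATIONS_MANAGER, COMPONENTS_BROWSER, COMPONENTS_MANAGER", "APPLICATIONS_MANAGER, COMPONENTS_BROWSER, COMPONENTS_MANAGER",
                        "ADMIN", "ARCHITECT, COMPONENTS_BROWSER" });
        InMemoryUserDetailsManager detailsManager = new InMemoryUserDetailsManager(users);
        provider.setUserDetailsService(detailsManager);
        return provider;
    }

    /**
     * Builds in-memory demo users from two parallel arrays.
     * <p>
     * Each user is created with its username as password. {@code roles[i]} is split on commas and
     * every trimmed entry becomes a {@link SimpleGrantedAuthority} of {@code usernames[i]}.
     *
     * @param usernames the account names, also used as the (plain text) passwords
     * @param roles one comma-separated authority list per username, same length as {@code usernames}
     * @return the users, in the order of {@code usernames}; empty when {@code usernames} is empty
     * @throws NullPointerException if either array is {@code null}
     * @throws IllegalArgumentException if the arrays differ in length (previously surfaced as an
     *         {@link ArrayIndexOutOfBoundsException}), or if a role entry is blank (rejected by
     *         {@link SimpleGrantedAuthority})
     */
    public List<UserDetails> getUsers(String[] usernames, String[] roles) {
        Objects.requireNonNull(usernames, "usernames");
        Objects.requireNonNull(roles, "roles");
        // Parallel arrays must line up, otherwise roles[i] would be read past the end of the array.
        if (usernames.length != roles.length) {
            throw new IllegalArgumentException(
                    "usernames and roles must have the same length: " + usernames.length + " != " + roles.length);
        }
        List<UserDetails> users = Lists.newArrayList();
        for (int i = 0; i < usernames.length; i++) {
            List<GrantedAuthority> authorities = Lists.newArrayList();
            for (String role : roles[i].split(",")) {
                authorities.add(new SimpleGrantedAuthority(role.trim()));
            }
            // Demo accounts: password == username.
            users.add(new org.springframework.security.core.userdetails.User(usernames[i], usernames[i], authorities));
        }
        return users;
    }

    /**
     * Registers the Alien4Cloud authentication provider with the authentication manager.
     *
     * @param auth the builder to register the provider on
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }

    /**
     * Configures HTTP security: the authorization rules are centralised in
     * {@link AuthorizationUtil#configure(HttpSecurity, Object)}; Spring Social is layered on top only
     * when the {@code github-auth} profile is active.
     *
     * @param http the HTTP security builder
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // configure the HttpSecurity
        AuthorizationUtil.configure(http, null);
        if (env.acceptsProfiles("github-auth")) {
            log.info("GitHub profile is active - enabling Spring Social features");
            http.apply(new SpringSocialConfigurer().postLoginUrl("/").alwaysUsePostLoginUrl(true));
        }
    }

    /**
     * Excludes static resources, API documentation and the admin health endpoint from the security
     * filter chain.
     * <p>
     * Paths listed here are not merely permitted: they bypass the whole filter chain, so none of the
     * rules from {@link #configure(HttpSecurity)} (authentication, access-denied handling, headers)
     * apply to them. Add a path here only if it must be reachable without any security processing.
     *
     * @param web the web security builder
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        log.debug("Configure ignore path");
        web.ignoring().antMatchers("/api-doc/**", "/api-docs/**", "/data/**", "/bower_components/**", "/images/**", "/js-lib/**",
                "/scripts/**", "/styles/**", "/views/**", "/rest/admin/health");
    }
}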