package org.kalipo.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
import javax.inject.Inject;
/**
 * Web security configuration: wires the {@link UserDetailsService} and password encoder into the
 * authentication manager, lists the request paths that bypass the Spring Security filter chain,
 * and enables annotation-based method security with an OAuth2-aware expression handler.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // WARNING: the project is configured to use Websockets together with OAuth2 authentication,
    // which do not work together: https://github.com/jhipster/generator-jhipster/issues/490
    // The "/websocket/.*" entries in configure(WebSecurity) therefore leave those requests
    // outside the filter chain altogether.

    @Inject
    private UserDetailsService userDetailsService;

    /**
     * Provides the encoder used to hash and verify user passwords.
     *
     * <p>NOTE(review): {@link StandardPasswordEncoder} is a salted, iterated SHA-256 digest and
     * is deprecated in newer Spring Security releases as not suitable for password storage. An
     * adaptive function (bcrypt, scrypt, argon2) is the usual replacement; switching encoders
     * invalidates stored hashes unless a migration path (e.g. a delegating encoder that still
     * verifies the legacy format) is put in place first.
     *
     * @return a new {@link StandardPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new StandardPasswordEncoder();
    }

    /**
     * Registers the injected {@link UserDetailsService} and the password encoder with the global
     * authentication manager builder.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Inject
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    // Disabled override kept from the original file:
    // @Override
    // public void configure(HttpSecurity web) throws Exception {
    ////     web.authorizeRequests().regexMatchers(HttpMethod.POST, "/app/rest/reports").permitAll()
    ////     ;
    // }

    /**
     * Declares the request paths that Spring Security ignores completely.
     *
     * <p>Ignored requests never enter the security filter chain: no security context is
     * populated, and the chain's header and CSRF handling does not run for them. That is
     * appropriate for static assets; for dynamic REST endpoints a {@code permitAll()} rule in an
     * {@code HttpSecurity} configuration keeps the request inside the chain while still allowing
     * anonymous access.
     *
     * <p>NOTE(review):
     * <ul>
     *   <li>{@code /app/rest/register}, {@code /app/rest/activate} and
     *       {@code /app/rest/feedbacks/**} are ignored for every HTTP method, not only for
     *       reads.</li>
     *   <li>The regex entries have an open-ended {@code .*} suffix, so any GET path that merely
     *       starts with {@code /app/rest/threads} or {@code /app/rest/comments} is
     *       unauthenticated, including nested resources added later.</li>
     *   <li>Method-level rules ({@code @PreAuthorize} etc.) on handlers behind these paths would
     *       see no authentication at all - confirm none of them rely on one.</li>
     * </ul>
     *
     * @param web the web security builder to add ignore rules to
     * @throws Exception if the matchers cannot be registered
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            // static front-end resources and API documentation UI
            .antMatchers(
                "/bower_components/**",
                "/fonts/**",
                "/images/**",
                "/scripts/**",
                "/styles/**",
                "/views/**",
                "/i18n/**",
                "/swagger-ui/**")
            // account and feedback endpoints reachable without a session
            .antMatchers(
                "/app/rest/register",
                "/app/rest/feedbacks/**",
                "/app/rest/activate")
            // API getters do not require authentication; websocket GET traffic
            .regexMatchers(
                HttpMethod.GET,
                "/app/rest/threads.*",
                "/app/rest/comments.*",
                "/websocket/.*")
            // websocket POST traffic
            .regexMatchers(HttpMethod.POST, "/websocket/.*");
    }

    /**
     * Exposes the {@link AuthenticationManager} built by the parent adapter as a bean.
     *
     * @return the authentication manager from {@link WebSecurityConfigurerAdapter}
     * @throws Exception if the parent cannot build the manager
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Enables {@code @PreAuthorize}/{@code @PostAuthorize} and JSR-250 annotations, evaluated
     * with an OAuth2-aware expression handler.
     */
    @EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
    private static class GlobalSecurityConfiguration extends GlobalMethodSecurityConfiguration {

        /**
         * Supplies the expression handler used for method security annotations.
         *
         * @return a new {@link OAuth2MethodSecurityExpressionHandler}
         */
        @Override
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            return new OAuth2MethodSecurityExpressionHandler();
        }
    }
}