/**
* Copyright (C) 2014 cherimojava (http://github.com/cherimojava/orchidae) Licensed under the Apache License, Version
* 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the
* License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the specific language governing permissions and limitations
* under the License.
*/
package com.github.cherimojava.orchidae.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import com.github.cherimojava.orchidae.security.CsrfHeaderFilter;
import com.github.cherimojava.orchidae.security.MongoAuthenticationProvider;
import com.github.cherimojava.orchidae.security.MongoUserDetailService;
import com.github.cherimojava.orchidae.security.authenticator.PictureAccessAuthenticator;
/**
 * Spring Security configuration for the application: URL-level authorization, form login,
 * CSRF token handling and the beans used for authentication.
 *
 * <p>{@code prePostEnabled = true} switches on {@code @PreAuthorize}/{@code @PostAuthorize}
 * processing, so access rules may also live on individual methods outside this class.
 */
@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class cfgSecurity extends WebSecurityConfigurerAdapter {

    /** Repository the CSRF filter uses to store and look up tokens; injected by Spring. */
    @Autowired
    CsrfTokenRepository tokenRepository;

    /**
     * Configures request authorization, form login and CSRF protection.
     *
     * <p>Only the exact path {@code /picture} requires an authenticated user at the filter-chain
     * level; every other request is permitted here.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): "/picture" is an exact ant pattern, so anything it does not match falls
        // through to permitAll(). Confirm that every other picture endpoint is guarded by method
        // security (presumably via the "paa" bean); the URL rule alone does not cover them.
        http.authorizeRequests()
            .antMatchers("/picture").authenticated()
            .anyRequest().permitAll();

        // The login page is publicly reachable; credentials are posted to /login.form.
        http.formLogin()
            .loginPage("/#/login").permitAll()
            .loginProcessingUrl("/login.form");

        // Runs after Spring's CsrfFilter. Presumably it exposes the current token to the client;
        // its behaviour is defined in CsrfHeaderFilter, not here.
        http.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);

        // CSRF protection stays enabled and uses the injected token repository.
        http.csrf().csrfTokenRepository(tokenRepository);
    }

    /**
     * Registers the Mongo-backed authentication provider with the authentication manager.
     *
     * @param auth the authentication manager builder supplied by Spring
     * @throws Exception if the provider cannot be registered
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        final MongoAuthenticationProvider provider = mongoAuthenticationProvider();
        auth.authenticationProvider(provider);
    }

    /**
     * Creates the CSRF token repository: tokens are kept in the HTTP session and are expected
     * from the client in the {@code X-XSRF-TOKEN} request header.
     *
     * @return the session-backed token repository
     */
    @Bean
    protected CsrfTokenRepository csrfTokenRepository() {
        final HttpSessionCsrfTokenRepository sessionTokens = new HttpSessionCsrfTokenRepository();
        sessionTokens.setHeaderName("X-XSRF-TOKEN");
        return sessionTokens;
    }

    /**
     * Provides the password encoder: bcrypt with the library's default strength.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        final PasswordEncoder bcrypt = new BCryptPasswordEncoder();
        return bcrypt;
    }

    /**
     * Provides the authentication provider registered in
     * {@link #configure(AuthenticationManagerBuilder)}.
     *
     * @return a new {@link MongoAuthenticationProvider}
     */
    @Bean
    public MongoAuthenticationProvider mongoAuthenticationProvider() {
        final MongoAuthenticationProvider provider = new MongoAuthenticationProvider();
        return provider;
    }

    /**
     * Replaces the adapter's default user details service and publishes it as a bean.
     *
     * @return a new {@link MongoUserDetailService}
     */
    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        final UserDetailsService mongoUsers = new MongoUserDetailService();
        return mongoUsers;
    }

    /**
     * Publishes the adapter's {@link AuthenticationManager} as a bean so that other components
     * can inject it.
     *
     * @return the authentication manager built by this adapter
     * @throws Exception if the authentication manager cannot be built
     */
    @Bean
    public AuthenticationManager authManager() throws Exception {
        final AuthenticationManager manager = authenticationManager();
        return manager;
    }

    /**
     * Provides the picture access authenticator under the bean name {@code paa}.
     *
     * <p>NOTE(review): the short name is presumably referenced from security expressions
     * elsewhere; renaming the bean would break those references. Confirm against callers.
     *
     * @return a new {@link PictureAccessAuthenticator}
     */
    @Bean(name = "paa")
    public PictureAccessAuthenticator pictureAccessValidator() {
        final PictureAccessAuthenticator authenticator = new PictureAccessAuthenticator();
        return authenticator;
    }
}