package fr.openwide.core.basicapp.core.config.spring;

import static fr.openwide.core.basicapp.core.property.BasicApplicationCorePropertyIds.SECURITY_PASSWORD_USER_FORBIDDEN_PASSWORDS;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.security.acls.domain.PermissionFactory;

import fr.openwide.core.basicapp.core.business.user.model.BasicUser;
import fr.openwide.core.basicapp.core.business.user.model.TechnicalUser;
import fr.openwide.core.basicapp.core.business.user.model.User;
import fr.openwide.core.basicapp.core.security.model.BasicApplicationPermission;
import fr.openwide.core.basicapp.core.security.model.SecurityOptions;
import fr.openwide.core.basicapp.core.security.service.BasicApplicationPermissionEvaluator;
import fr.openwide.core.basicapp.core.security.service.ISecurityManagementService;
import fr.openwide.core.basicapp.core.security.service.SecurityManagementServiceImpl;
import fr.openwide.core.jpa.security.config.spring.AbstractJpaSecuritySecuredConfig;
import fr.openwide.core.jpa.security.password.rule.SecurityPasswordRulesBuilder;
import fr.openwide.core.jpa.security.service.AuthenticationUserNameComparison;
import fr.openwide.core.jpa.security.service.ICorePermissionEvaluator;
import fr.openwide.core.jpa.security.service.NamedPermissionFactory;
import fr.openwide.core.spring.property.service.IPropertyService;

/**
 * Spring configuration for the core security layer of the basic application.
 *
 * <p>Declares the permission evaluator, the username comparison mode, the role and
 * permission hierarchies, the permission factory and the password policy applied to
 * each user type.
 */
@Configuration
public class BasicApplicationCoreSecurityConfig extends AbstractJpaSecuritySecuredConfig {

	/** Source of the configured forbidden-password list used by the password rules. */
	@Autowired
	private IPropertyService propertyService;

	/**
	 * Exposes the application's permission evaluator behind an interface-based scoped proxy.
	 *
	 * @return a new {@link BasicApplicationPermissionEvaluator}
	 */
	@Override
	@Bean
	@Scope(proxyMode = ScopedProxyMode.INTERFACES)
	public ICorePermissionEvaluator permissionEvaluator() {
		return new BasicApplicationPermissionEvaluator();
	}

	/**
	 * Selects the username comparison mode used for authentication.
	 *
	 * @return {@link AuthenticationUserNameComparison#CASE_SENSITIVE}
	 */
	// NOTE(review): with a case-sensitive comparison, names differing only by case are
	// presumably distinct accounts; confirm that account creation applies the same rule
	// so that look-alike usernames cannot be registered.
	@Override
	@Bean
	public AuthenticationUserNameComparison authenticationUserNameComparison() {
		return AuthenticationUserNameComparison.CASE_SENSITIVE;
	}

	/**
	 * Supplies the role hierarchy in its string form.
	 *
	 * @return the result of {@code defaultRoleHierarchyAsString()}, which is not defined in
	 *         this file (presumably inherited from the parent configuration)
	 */
	@Override
	public String roleHierarchyAsString() {
		return defaultRoleHierarchyAsString();
	}

	/**
	 * Supplies the permission hierarchy in its string form.
	 *
	 * @return the result of {@code defaultPermissionHierarchyAsString()}, which is not
	 *         defined in this file (presumably inherited from the parent configuration)
	 */
	@Override
	public String permissionHierarchyAsString() {
		return defaultPermissionHierarchyAsString();
	}

	/**
	 * Builds the permission factory from the application's full permission set.
	 *
	 * @return a {@link NamedPermissionFactory} over {@link BasicApplicationPermission#ALL}
	 */
	@Override
	public PermissionFactory permissionFactory() {
		return new NamedPermissionFactory(BasicApplicationPermission.ALL);
	}

	/**
	 * Builds the security management service and registers a password policy per user type.
	 *
	 * <p>{@link TechnicalUser} and {@link BasicUser} get the same options and the same
	 * password rules, except that {@code passwordAdminUpdate()} is selected for
	 * {@link TechnicalUser} only. Every other user type falls back to
	 * {@link SecurityOptions#DEFAULT}.
	 *
	 * @return the configured service
	 */
	// NOTE(review): SecurityOptions.DEFAULT is not visible here; verify that it is no weaker
	// than intended, since any user type not listed below silently inherits it.
	@Bean
	public ISecurityManagementService securityManagementService() {
		SecurityManagementServiceImpl service = new SecurityManagementServiceImpl();

		service
				.setOptions(
						TechnicalUser.class,
						new SecurityOptions()
								.passwordAdminRecovery()
								.passwordAdminUpdate()
								.passwordExpiration()
								.passwordHistory()
								.passwordUserRecovery()
								.passwordUserUpdate()
								.passwordRules(
										// Length bounds come from the User constants; the forbidden list
										// is read from the property service when this bean is built, so a
										// later change to the property is presumably not picked up until
										// the bean is rebuilt (TODO confirm).
										SecurityPasswordRulesBuilder.start()
												.minMaxLength(User.MIN_PASSWORD_LENGTH, User.MAX_PASSWORD_LENGTH)
												.forbiddenUsername()
												.forbiddenPasswords(propertyService.get(SECURITY_PASSWORD_USER_FORBIDDEN_PASSWORDS))
												.build()
								)
				)
				.setOptions(
						BasicUser.class,
						// Same as TechnicalUser minus passwordAdminUpdate().
						new SecurityOptions()
								.passwordAdminRecovery()
								.passwordExpiration()
								.passwordHistory()
								.passwordUserRecovery()
								.passwordUserUpdate()
								.passwordRules(
										// Rules are built a second time rather than shared, so each user
										// type receives its own rule set.
										SecurityPasswordRulesBuilder.start()
												.minMaxLength(User.MIN_PASSWORD_LENGTH, User.MAX_PASSWORD_LENGTH)
												.forbiddenUsername()
												.forbiddenPasswords(propertyService.get(SECURITY_PASSWORD_USER_FORBIDDEN_PASSWORDS))
												.build()
								)
				)
				.setDefaultOptions(SecurityOptions.DEFAULT);

		return service;
	}

}