
com.foreach.across.modules.debugweb.extensions.DebugWebSecurityConfiguration Maven / Gradle / Ivy

/*
 * Copyright 2014 the original author or authors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.foreach.across.modules.debugweb.extensions;

import com.foreach.across.core.annotations.ModuleConfiguration;
import com.foreach.across.modules.debugweb.DebugWeb;
import com.foreach.across.modules.debugweb.DebugWebModuleSettings;
import com.foreach.across.modules.spring.security.SpringSecurityModule;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.expression.WebExpressionAuthorizationManager;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.util.Assert;

import static com.foreach.across.modules.debugweb.DebugWebModuleSettings.*;
import static java.lang.String.format;
import static org.springframework.security.config.Customizer.withDefaults;

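/**
 * Registers the Spring Security filter chain that guards every path below the debug web root.
 * <p>
 * Access is granted when the request matches one of the configured IP addresses <em>or</em> when the
 * caller authenticates over HTTP Basic as the configured in-memory user holding the configured authority.
 * The chain is stateless, form login is disabled and CSRF protection is disabled.
 * <p>
 * Points to keep in mind when enabling this in a deployment:
 * <ul>
 * <li>IP-based access is checked against the remote address of the request. Behind a reverse proxy or
 * load balancer that is the proxy's address unless forwarded headers are processed upstream, so
 * allow-listing a proxy address admits every client that comes through it.</li>
 * <li>Allow-listed addresses need no credentials and CSRF protection is off, so debug endpoints that
 * change state can be triggered by any page loaded in a browser on an allow-listed machine. Browsers
 * also replay cached HTTP Basic credentials on cross-site requests.</li>
 * <li>HTTP Basic sends the password on every request; serve the debug path over TLS only.</li>
 * </ul>
 */
@ModuleConfiguration(SpringSecurityModule.NAME)
@ConditionalOnClass(HttpSecurity.class)
@ConditionalOnProperty(value = SECURITY_ENABLED, matchIfMissing = true)
@EnableConfigurationProperties(DebugWebModuleSettings.SecuritySettings.class)
@Slf4j
public class DebugWebSecurityConfiguration
{
	@Autowired
	private DebugWebModuleSettings.SecuritySettings securitySettings;

	@Autowired
	private DebugWeb debugWeb;

	/**
	 * Builds the filter chain that applies to all requests below the debug web path.
	 *
	 * @param http security builder supplied by Spring Security
	 * @return the filter chain restricted to {@code debugWeb.path( "/**" )}
	 * @throws Exception if the chain cannot be built
	 */
	@SuppressWarnings("Convert2MethodRef")
	@Bean
	public SecurityFilterChain debugWebSecurityFilterChain( HttpSecurity http ) throws Exception {
		LOG.info( "Creating debugWebSecurityFilterChain" );
		return http
				.securityMatcher( debugWeb.path( "/**" ) )
				.authorizeHttpRequests( ( authz ) -> authz
						.anyRequest()
						.access( buildAccessExpression() ) )
				// Lambda form instead of the chained formLogin().disable(), matching the rest of this chain.
				.formLogin( ( form ) -> form.disable() )
				.httpBasic( withDefaults() )
				.sessionManagement( ( customizer ) -> customizer
						.sessionCreationPolicy( SessionCreationPolicy.STATELESS ) )
				// CSRF protection is off for the whole debug path; see the class documentation for the consequences.
				.csrf( ( csrf ) -> csrf.disable() )
				.userDetailsService( buildUserDetailsService() )
				.build();
	}

	/**
	 * Builds the authorization rule for the debug path: any configured IP address is allowed without a
	 * password, any other client must hold the configured authority.
	 * <p>
	 * Configured values are embedded in a SpEL expression, so single quotes are escaped and blank IP
	 * entries (for example from a trailing comma in the property) are skipped. When neither an IP address
	 * nor an authority is configured the rule is {@code denyAll}, so the debug path stays closed instead of
	 * an empty expression being handed to the authorization manager.
	 *
	 * @return authorization manager evaluating the generated expression
	 */
	protected AuthorizationManager buildAccessExpression() {
		StringBuilder sb = new StringBuilder();
		for ( String ipAddress : securitySettings.getIpAddresses() ) {
			String trimmed = StringUtils.trim( ipAddress );
			if ( StringUtils.isEmpty( trimmed ) ) {
				// A blank entry would produce hasIpAddress(''), whose meaning is left to the matcher.
				continue;
			}
			appendClause( sb, "hasIpAddress", trimmed );
		}
		if ( !StringUtils.isBlank( securitySettings.getAuthority() ) ) {
			appendClause( sb, "hasAuthority", securitySettings.getAuthority() );
		}
		if ( sb.length() == 0 ) {
			LOG.warn( "No IP addresses or authority configured for debug web, denying all requests." );
			sb.append( "denyAll" );
		}
		String result = sb.toString();
		LOG.info( "Using access expression: {}", result );
		return new WebExpressionAuthorizationManager( result );
	}

	/**
	 * Creates the user store backing HTTP Basic authentication on the debug path.
	 * <p>
	 * Without a configured username an empty store is returned, which leaves IP-based access as the only
	 * way in. With a username, both a password and an authority must be configured.
	 *
	 * @return in-memory user store holding zero or one user
	 * @throws IllegalArgumentException if a username is configured without a password or an authority
	 */
	protected UserDetailsService buildUserDetailsService() {
		if ( StringUtils.isBlank( securitySettings.getUsername() ) ) {
			LOG.warn( "Not adding in memory user to debugWebSecurityFilterChain because {} is not configured.", SECURITY_USERNAME );
			return new InMemoryUserDetailsManager();
		}
		Assert.hasText( securitySettings.getPassword(),
		                format( "%s missing while %s=true and %s=%s",
		                        SECURITY_PASSWORD, SECURITY_ENABLED, SECURITY_USERNAME, securitySettings.getUsername() ) );
		Assert.hasText( securitySettings.getAuthority(),
		                format( "%s missing while %s=true and %s=%s",
		                        SECURITY_AUTHORITY, SECURITY_ENABLED, SECURITY_USERNAME, securitySettings.getUsername() ) );
		// NOTE(review): the password is handed to the user builder exactly as configured. With Spring
		// Security's default delegating encoder the stored value needs an encoding id prefix such as
		// {bcrypt}; confirm how the password property is expected to be formatted, and prefer a hashed
		// value over a plain-text one in configuration.
		UserDetails user = User.builder()
		                       .username( securitySettings.getUsername() )
		                       .password( securitySettings.getPassword() )
		                       .authorities( securitySettings.getAuthority() )
		                       .build();
		return new InMemoryUserDetailsManager( user );
	}

	/**
	 * Appends {@code function('argument')} to the expression, joined to earlier clauses with {@code or}.
	 */
	private static void appendClause( StringBuilder expression, String function, String argument ) {
		if ( expression.length() > 0 ) {
			expression.append( " or " );
		}
		// Inside a SpEL string literal a single quote is written as two single quotes.
		expression.append( function ).append( "('" ).append( argument.replace( "'", "''" ) ).append( "')" );
	}

}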



