• Home
• com.formkiq
• formkiq-server
• 0.5.6
• source code
• SecurityConfig.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.formkiq.server.config.SecurityConfig Maven / Gradle / Ivy

/*
 * Copyright (C) 2016 FormKiQ Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.formkiq.server.config;

import static com.formkiq.server.api.SystemController.API_SYSTEM_PING;
import static com.formkiq.server.api.SystemController.API_SYSTEM_SETUP;
import static com.formkiq.server.api.UsersController.API_USER_CAN_CREATE;
import static com.formkiq.server.api.UsersController.API_USER_LOST_PASSWORD;
import static com.formkiq.server.api.UsersController.API_USER_RESET_PASSWORD;
import static com.formkiq.server.api.UsersController.API_USER_SAVE;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * Application Security Config.
 *
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** AuthenticationProvider. */
    @Autowired
    private AuthenticationProvider authenticationProvider;

    /**
     * Configure Authentication Provider.
     * @param auth AuthenticationManagerBuilder
     * @throws Exception Exception
     */
    @Autowired
    public void globalUserDetails(final AuthenticationManagerBuilder auth)
            throws Exception {
        // auth.inMemoryAuthentication().withUser("marissa")
        //.password("koala").roles("USER").and().withUser("paul")
        // .password("emu").roles("USER");
        auth.authenticationProvider(this.authenticationProvider);
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
        .requestMatcher(new NonOAuthRequestMatcher())
        .csrf().disable()
        .authorizeRequests()
                .antMatchers("/", "/setup", "/resetpassword", "/lostpassword",
                        "/register", "/home", "/js/**", "/css/**", "/403",
                        "/striped/**", API_SYSTEM_SETUP, API_USER_LOST_PASSWORD,
                        API_USER_RESET_PASSWORD, API_USER_SAVE,
                        API_SYSTEM_PING, API_USER_CAN_CREATE)
                .permitAll()
                .antMatchers("/admin/**", "/api/**").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/admin/index")
            .permitAll()
            .and()
            .logout().clearAuthentication(true)
            .permitAll();
    }
}