• Home
• com.github.squirrelgrip
• scientist4k-application-common
• 0.10.1
• source code
• WebSecurityConfiguration.kt

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.github.squirrelgrip.app.common.configuration.WebSecurityConfiguration.kt Maven / Gradle / Ivy

package com.github.squirrelgrip.app.common.configuration

import org.springframework.beans.factory.annotation.Value
import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.PropertySource
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.builders.WebSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.web.cors.CorsConfiguration
import org.springframework.web.cors.CorsConfigurationSource
import org.springframework.web.cors.UrlBasedCorsConfigurationSource

@Configuration
@EnableWebSecurity
@PropertySource(value = ["classpath:application.properties"])
class WebSecurityConfiguration: WebSecurityConfigurerAdapter() {
    @Value("\${server.cors.enabled}")
    private val corsEnabled: Boolean = true

    override fun configure(http: HttpSecurity) {
        http
                .csrf().disable()
                .cors().configurationSource(configurationSource())
        http
                .antMatcher("/**").authorizeRequests()
                .antMatchers("/**").permitAll()
                .anyRequest().authenticated()
    }

    override fun configure(auth: AuthenticationManagerBuilder) {
        auth.inMemoryAuthentication()
    }

    override fun configure(web: WebSecurity?) {
        web?.ignoring()?.antMatchers("/actuator/refresh")
    }

    private fun configurationSource(): CorsConfigurationSource {
        val source = UrlBasedCorsConfigurationSource()

        if (!corsEnabled) {
            val configuration =  CorsConfiguration()
            configuration.allowedOrigins = listOf("*")
            configuration.allowedMethods = listOf("*")
            configuration.allowedHeaders = listOf("*")
            configuration.allowCredentials = true
            source.registerCorsConfiguration("/**", configuration)
        }
        return source
    }
}