• Home
• com.xlrit.gears.runtime
• gears-runtime-server
• 1.17.6
• source code
• InternalWebSecurityConfiguration.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.xlrit.gears.server.security.internal.InternalWebSecurityConfiguration Maven / Gradle / Ivy

package com.xlrit.gears.server.security.internal;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.xlrit.gears.base.repository.RoleRepository;
import com.xlrit.gears.base.repository.UserRepository;
import com.xlrit.gears.base.util.PasswordEncoderHolder;
import com.xlrit.gears.server.security.AuthProperties;
import com.xlrit.gears.server.security.TokenManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.DefaultSecurityFilterChain;

@Configuration
@ConditionalOnProperty(name = "gears.auth.mode", havingValue = "internal")
public class InternalWebSecurityConfiguration {
	private static final Logger LOG = LoggerFactory.getLogger(InternalWebSecurityConfiguration.class);

	private final BearerConverter converter;

	@Value("${gears.security.content-policy}")
	private String contentPolicy;

	InternalWebSecurityConfiguration(AuthProperties authProperties, RoleRepository roles) {
		Algorithm algorithm = Algorithm.HMAC256(authProperties.getInternal().getSecret());
		JWTVerifier verifier = JWT.require(algorithm).withIssuer(authProperties.getInternal().getIssuer()).build();
		this.converter = new InternalAuthenticationConverter(verifier, roles);
	}

	@Bean
	public DefaultSecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
		LOG.info("Applying internal authentication mode");
		http.cors(Customizer.withDefaults());
		http.csrf(AbstractHttpConfigurer::disable);
		http.logout(AbstractHttpConfigurer::disable);
		http.anonymous(a -> a.principal("anonymous"));
		http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
		http.authorizeHttpRequests(requests -> requests.anyRequest().permitAll());

		http.headers(headers -> {
			headers.contentSecurityPolicy(csp -> csp.policyDirectives(contentPolicy));
			headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin); // obsolete; replaced by contentSecurityPolicy property 'frame-ancestors'
			headers.xssProtection(HeadersConfigurer.XXssConfig::disable);           // obsolete; replaced by contentSecurityPolicy
		});

		http.apply(new InternalAuthenticationConfigurer(converter));

		return http.build();
	}

	@Bean
	public TokenManager tokenManager(AuthProperties authProperties, UserRepository userRepository) {
		PasswordEncoder passwordEncoder = PasswordEncoderHolder.get();
		return new TokenManagerImpl(authProperties, userRepository, passwordEncoder);
	}
}