com.fivefaces.structureclient.config.security.patient.PatientApiSecurityConfig Maven / Gradle / Ivy
structure Client for Five Faces
package com.fivefaces.structureclient.config.security.patient;
import com.fivefaces.structureclient.config.security.SecurityConstants;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
import org.springframework.web.cors.CorsConfigurationSource;
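/**
 * Spring Security filter chain for the patient-facing REST API.
 *
 * <p>The chain is scoped to requests under {@link SecurityConstants#PATIENT_API_PATH}. Every
 * request on that path must be authenticated, no HTTP session is created or consulted, and
 * authentication is delegated to a {@link PatientAuthenticationFilter} backed by the
 * {@code patientApiAuthenticationProvider}.
 *
 * <p>{@code @Order(3)} fixes this chain's position relative to the other security
 * configurations in the application, which are not visible in this file. Spring Security uses the
 * first chain whose matcher accepts a request, so a broader matcher in a lower-ordered
 * configuration would take these requests instead of this chain.
 * NOTE(review): confirm no lower-ordered configuration overlaps the patient API path.
 *
 * <p>NOTE(review): {@link WebSecurityConfigurerAdapter} is deprecated since Spring Security 5.7
 * and removed in 6.0. Moving to a {@code SecurityFilterChain} bean will be needed before an
 * upgrade.
 */
@Configuration
@Order(3)
@Slf4j
@RequiredArgsConstructor
public class PatientApiSecurityConfig extends WebSecurityConfigurerAdapter {

    // Field order is significant: @RequiredArgsConstructor generates the constructor
    // parameters in declaration order.
    private final CorsConfigurationSource corsConfigurationSource;
    private final AuthenticationEntryPoint restApiAuthenticationEntryPoint;
    private final AccessDeniedHandler restApiAccessDeniedHandler;
    private final AuthenticationProvider patientApiAuthenticationProvider;
    private final PatientJwtTokenService patientJwtTokenService;

    /**
     * Builds the HTTP security rules for the patient API.
     *
     * @param http the builder for this configuration's filter chain
     * @throws Exception if the filter chain cannot be assembled
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        final String patientApiPattern = SecurityConstants.PATIENT_API_PATH + "/**";

        // CORS is configured once, inside the chain. The original also called
        // http.cors().configurationSource(...) as a separate statement first, which set the
        // same source on the same configurer and had no additional effect.
        http.antMatcher(patientApiPattern)
                .cors().configurationSource(corsConfigurationSource).and()
                .authorizeRequests()
                    .antMatchers(patientApiPattern).authenticated()
                    // Fail closed: the chain only sees patientApiPattern, so this rule should
                    // never match. It guards against a later change widening the chain's
                    // matcher without adding an explicit authorization rule.
                    .anyRequest().denyAll()
                .and()
                // The patient filter runs after the remember-me filter position in the chain.
                .addFilterAfter(patientAuthenticationFilter(), RememberMeAuthenticationFilter.class)
                .exceptionHandling()
                    // Both handlers are injected; by their names they return REST-style error
                    // responses instead of redirects. Confirm against their implementations.
                    .authenticationEntryPoint(restApiAuthenticationEntryPoint)
                    .accessDeniedHandler(restApiAccessDeniedHandler)
                .and()
                .sessionManagement()
                    // No HttpSession is created or used to hold the SecurityContext, so each
                    // request has to authenticate on its own.
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                // NOTE(review): disabling CSRF protection is only safe while the credential is
                // something the browser does not attach automatically (for example a token in
                // a request header). If PatientAuthenticationFilter ever accepts the token from
                // a cookie, CSRF protection must be re-enabled for this chain. Confirm how the
                // token is read.
                .csrf().disable();
    }

    /**
     * Registers the patient API authentication provider with this configuration's
     * authentication manager.
     *
     * @param auth the builder for the authentication manager used by this chain
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(patientApiAuthenticationProvider);
    }

    /**
     * Creates the filter that authenticates patient API requests.
     *
     * <p>The filter is built here and is not declared as a bean, so it is only added to this
     * chain. In a Spring Boot application a {@code Filter} bean would also be registered with
     * the servlet container for all requests.
     *
     * @return a new filter wired with this configuration's authentication manager, entry point
     *     and JWT token service
     * @throws Exception if the authentication manager cannot be obtained
     */
    private PatientAuthenticationFilter patientAuthenticationFilter() throws Exception {
        return new PatientAuthenticationFilter(
                authenticationManager(), restApiAuthenticationEntryPoint, patientJwtTokenService);
    }
}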