• Home
• io.committed.invest
• invest-plugin-server-auth
• 0.7.2
• source code
• AbstractWithAuthSecurityConfig.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.committed.invest.plugin.server.auth.config.AbstractWithAuthSecurityConfig Maven / Gradle / Ivy

package io.committed.invest.plugin.server.auth.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;

import io.committed.invest.core.auth.AuthenticationSettings;
import io.committed.invest.core.auth.InvestRoles;
import io.committed.invest.core.services.UiUrlService;
import io.committed.invest.plugin.server.auth.graphql.AuthGraphQlResolver;
import io.committed.invest.plugin.server.repo.UserAccountRepository;
import io.committed.invest.plugin.server.services.EnsureAdminUserExists;
import io.committed.invest.plugin.server.services.UserAccountDetailsRepositoryService;
import io.committed.invest.plugin.server.services.UserService;

/** Base class for configuration of Authentication */
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public abstract class AbstractWithAuthSecurityConfig {

  @Autowired UiUrlService urlService;

  @Bean
  public SecurityWebFilterChain springWebFilterChain(
      final ServerHttpSecurity http,
      final ServerSecurityContextRepository securityContextRepository,
      final ReactiveAuthenticationManager authenticationManager) {

    // For the /view we want to allow iframe acccess
    http.headers().frameOptions().disable();

    http.csrf().disable();

    http.authenticationManager(authenticationManager);
    http.securityContextRepository(securityContextRepository);

    http.authorizeExchange()
        // Allow access to static files inside the UI
        .pathMatchers(urlService.getContextPath() + "/**")
        .permitAll()
        .pathMatchers("/actuator/**")
        .hasRole(InvestRoles.ADMINISTRATOR)
        .anyExchange()
        .permitAll();

    return http.build();
  }

  @Bean
  public EnsureAdminUserExists ensureAdminUserExists(
      final UserService userService, final UserAccountRepository userAccounts) {
    return new EnsureAdminUserExists(userService, userAccounts);
  }

  @Bean
  public UserService userService(
      final UserAccountRepository userAccounts, final PasswordEncoder passwordEncoder) {
    return new UserService(userAccounts, passwordEncoder);
  }

  @Bean
  public UserAccountDetailsRepositoryService userAccountService(
      final UserAccountRepository repository) {
    return new UserAccountDetailsRepositoryService(repository);
  }

  @Bean
  public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }

  @Bean
  public AuthGraphQlResolver authController(
      final UserService userService, final ReactiveAuthenticationManager authenticationManager) {
    return new AuthGraphQlResolver(authenticationManager, userService);
  }

  // Store our security into in the websession
  @Bean
  public ServerSecurityContextRepository securityContextRepository() {
    return new WebSessionServerSecurityContextRepository();
  }

  @Bean
  public UserDetailsRepositoryReactiveAuthenticationManager authenticationManager(
      final ReactiveUserDetailsService reactiveUserDetailsService,
      final PasswordEncoder passwordEncoder) {
    final UserDetailsRepositoryReactiveAuthenticationManager manager =
        new UserDetailsRepositoryReactiveAuthenticationManager(reactiveUserDetailsService);
    manager.setPasswordEncoder(passwordEncoder);
    return manager;
  }

  @Bean
  public AuthenticationSettings authSettings() {
    return new AuthenticationSettings(true);
  }
}