
leap.web.security.DefaultSecurityConfig Maven / Gradle / Ivy

/*
 * Copyright 2013 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package leap.web.security;

import leap.core.AppConfig;
import leap.core.BeanFactory;
import leap.core.annotation.ConfigProperty;
import leap.core.annotation.Configurable;
import leap.core.annotation.Inject;
import leap.core.ioc.BeanList;
import leap.core.ioc.PostConfigureBean;
import leap.core.security.crypto.PasswordEncoder;
import leap.core.web.RequestIgnore;
import leap.lang.Args;
import leap.lang.Strings;
import leap.lang.path.AntPathPattern;
import leap.web.Renderable;
import leap.web.security.csrf.CsrfStore;
import leap.web.security.path.SecuredPaths;
import leap.web.security.user.UserStore;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

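/**
 * Default, mutable implementation of {@link SecurityConfig} and {@link SecurityConfigurator}.
 *
 * <p>Holds the web-security settings (authentication, remember-me, CSRF, token and cookie
 * options) and exposes them both as read-only getters and as fluent setters. Setters
 * annotated with {@link ConfigProperty} are presumably bound from configuration keys under
 * the {@code websecurity} prefix declared on this class (confirm against the framework).
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>{@code enabled} is {@code false}: security is off until explicitly enabled.</li>
 *   <li>CSRF protection follows {@code enabled} unless {@link #setCsrfEnabled(boolean)} was called.</li>
 *   <li>{@code authenticateAnyRequests} is {@code true}, {@code authorizeAnyRequests} is {@code false}.</li>
 *   <li>{@code tokenSecret} and {@code rememberMeSecret} are filled in by
 *       {@link #postConfigure(BeanFactory, AppConfig)} when left empty; by default both end up
 *       holding the same value.</li>
 * </ul>
 *
 * <p>Thread-safety: only the lazily built interceptor array is guarded. All other state is
 * plain mutable fields and is expected to be configured before requests are served.
 */
@Configurable(prefix = "websecurity")
public class DefaultSecurityConfig implements SecurityConfig, SecurityConfigurator, PostConfigureBean {

    // Stays null until postConfigure() runs; setUserStore() dereferences it.
    protected BeanFactory              factory                        = null;
    protected boolean                  enabled                        = false;
    protected boolean                  crossContext                   = false;
    // Tri-state: null means "not set explicitly, follow 'enabled'" (see isCsrfEnabled()).
    protected Boolean                  csrfEnabled                    = null;
    protected boolean                  authenticateAnyRequests        = true;
    protected boolean                  authorizeAnyRequests           = false;
    protected int                      defaultAuthenticationExpires   = SecurityConstants.DEFAULT_AUTHENTICATION_EXPIRES;
    protected String                   returnUrlParameterName         = SecurityConstants.DEFAULT_RETURN_URL_PARAMETER;
    protected boolean                  rememberMeEnabled              = true;
    // Secret material: never log or expose. Filled in by postConfigure() when empty.
    protected String                   rememberMeSecret               = null;
    protected String                   rememberMeCookieName           = SecurityConstants.DEFAULT_REMEMBERME_COOKIE;
    protected String                   rememberMeParameterName        = SecurityConstants.DEFAULT_REMEMBERME_PARAMETER;
    protected String                   rememberMeExpiresParameterName = SecurityConstants.DEFAULT_REMEMBERME_EXPIRES_PARAMETER;
    protected String                   loginUrl                       = null;
    protected String                   loginAction                    = SecurityConstants.DEFAULT_LOGIN_ACTION;
    protected String                   logoutAction                   = SecurityConstants.DEFAULT_LOGOUT_ACTION;
    protected String                   logoutSuccessUrl               = SecurityConstants.DEFAULT_LOGOUT_SUCCESS_URL;
    protected int                      defaultRememberMeExpires       = SecurityConstants.DEFAULT_REMEMBERME_EXPIRES;
    protected String                   csrfHeaderName                 = SecurityConstants.DEFAULT_CSRF_HEADER;
    protected String                   csrfParameterName              = SecurityConstants.DEFAULT_CSRF_PARAMETER;
    protected boolean                  authenticationTokenEnabled     = true;
    protected String                   authenticationTokenCookieName  = SecurityConstants.DEFAULT_TOKEN_AUTHENTICATION_COOKIE;
    protected String                   authenticationTokenHeaderName  = SecurityConstants.DEFAULT_TOKEN_AUTHENTICATION_HEADER;
    protected String                   authenticationTokenType        = SecurityConstants.DEFAULT_TOKEN_TYPE;
    // Secret material: never log or expose. Filled in by postConfigure() when empty.
    protected String                   tokenSecret                    = null;
    protected String                   cookieDomain                   = null;
    // Type parameters restored from usage: the listing showed raw types, under which the
    // lambda in ignore() and both toArray() assignments below would not compile.
    protected List<RequestIgnore>      ignores                        = new ArrayList<>();

    // Keys are compared case-insensitively, so "/Admin" and "/admin" address the same entry.
    protected Map<String, SecurityFailureHandler> pathPrefixFailureHandlers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    protected @Inject SecuredPaths                  securedPaths;
    protected @Inject PasswordEncoder               passwordEncoder;
    protected @Inject UserStore                     userStore;
    protected @Inject CsrfStore                     csrfStore;
    protected @Inject BeanList<SecurityInterceptor> interceptors;

    private RequestIgnore[]                ignoresArray     = new RequestIgnore[] {};
    // volatile: read outside the lock in getInterceptors(); without it the double-checked
    // update gives other threads no guarantee of seeing a fully populated array.
    private volatile SecurityInterceptor[] interceptorArray = new SecurityInterceptor[]{};
    private final Object                   interceptorLock  = new Object();

    public DefaultSecurityConfig() {
        super();
    }

    /** Returns this object as the read-only {@link SecurityConfig} view. */
    @Override
    public SecurityConfig config() {
        return this;
    }

    /** Returns the injected {@link SecuredPaths}. */
    @Override
    public SecuredPaths paths() {
        return securedPaths;
    }

    /** Returns whether web security is enabled; {@code false} unless configured otherwise. */
    public boolean isEnabled() {
        return enabled;
    }

    /** Turns web security on or off. Also drives the CSRF default, see {@link #isCsrfEnabled()}. */
    @ConfigProperty
    public SecurityConfigurator setEnabled(boolean enabled) {
        this.enabled = enabled;
        return this;
    }

    /** Returns the injected, live list of security interceptors. */
    @Override
    public BeanList<SecurityInterceptor> interceptors() {
        return interceptors;
    }

    /**
     * Returns the interceptors as an array, rebuilding the cached array when its length no
     * longer matches {@link #interceptors()}.
     *
     * <p>Staleness is detected by size only: replacing an interceptor with another one while
     * the count stays the same is not picked up. The returned array is the shared cache, so
     * callers must not modify it.
     */
    @Override
    public SecurityInterceptor[] getInterceptors() {
        SecurityInterceptor[] current = interceptorArray;
        if (current.length != interceptors.size()) {
            synchronized (interceptorLock) {
                // Re-read under the lock: another thread may have rebuilt the cache already.
                current = interceptorArray;
                if (current.length != interceptors.size()) {
                    current = interceptors.toArray(new SecurityInterceptor[interceptors.size()]);
                    interceptorArray = current;
                }
            }
        }
        return current;
    }

    /** Returns the {@code crossContext} flag. */
    public boolean isCrossContext() {
        return crossContext;
    }

    /** Sets the {@code crossContext} flag. */
    @ConfigProperty
    public DefaultSecurityConfig setCrossContext(boolean crossContext) {
        this.crossContext = crossContext;
        return this;
    }

    /**
     * Returns whether CSRF protection is enabled. When it was never set explicitly this
     * follows {@link #isEnabled()}; an explicit {@code setCsrfEnabled(false)} therefore turns
     * CSRF protection off even while security as a whole is enabled.
     */
    public boolean isCsrfEnabled() {
        return csrfEnabled == null ? this.enabled : csrfEnabled;
    }

    /** Explicitly enables or disables CSRF protection, overriding the {@code enabled} default. */
    @ConfigProperty
    public DefaultSecurityConfig setCsrfEnabled(boolean csrfEnabled) {
        this.csrfEnabled = csrfEnabled;
        return this;
    }

    /** Returns the {@code authenticateAnyRequests} flag ({@code true} by default). */
    public boolean isAuthenticateAnyRequests() {
        return authenticateAnyRequests;
    }

    /** Sets the {@code authenticateAnyRequests} flag. */
    @ConfigProperty
    public DefaultSecurityConfig setAuthenticateAnyRequests(boolean authenticateAnyRequests) {
        this.authenticateAnyRequests = authenticateAnyRequests;
        return this;
    }

    /** Returns the {@code authorizeAnyRequests} flag ({@code false} by default). */
    public boolean isAuthorizeAnyRequests() {
        return authorizeAnyRequests;
    }

    /** Sets the {@code authorizeAnyRequests} flag. */
    @ConfigProperty
    public DefaultSecurityConfig setAuthorizeAnyRequests(boolean authorizeAnyRequests) {
        this.authorizeAnyRequests = authorizeAnyRequests;
        return this;
    }

    /** Returns the current {@link UserStore}. */
    @Override
    public UserStore getUserStore() {
        return userStore;
    }

    /** Returns the current {@link CsrfStore}. */
    @Override
    public CsrfStore getCsrfStore() {
        return csrfStore;
    }

    /**
     * Replaces the user store and registers it as the primary {@link UserStore} bean.
     *
     * <p>NOTE(review): {@code factory} is only assigned in
     * {@link #postConfigure(BeanFactory, AppConfig)}. Calling this earlier fails on the
     * {@code factory} dereference after {@code this.userStore} has already been replaced.
     */
    @Override
    public SecurityConfigurator setUserStore(UserStore userStore) {
        Args.notNull(userStore, "userStore");
        this.userStore = userStore;
        factory.setPrimaryBean(UserStore.class, userStore);
        return this;
    }

    /** Replaces the CSRF store; the argument is checked with {@code Args.notNull}. */
    @Override
    public SecurityConfigurator setCsrfStore(CsrfStore csrfStore) {
        Args.notNull(csrfStore, "csrfStore");
        this.csrfStore = csrfStore;
        return this;
    }

    /** Returns the name of the request parameter that carries the return URL. */
    @Override
    public String getReturnUrlParameterName() {
        return returnUrlParameterName;
    }

    /** Sets the return-URL parameter name; the argument is checked with {@code Args.notEmpty}. */
    @ConfigProperty
    public DefaultSecurityConfig setReturnUrlParameterName(String returnUrlParameterName) {
        Args.notEmpty(returnUrlParameterName);
        this.returnUrlParameterName = returnUrlParameterName;
        return this;
    }

    /** Returns whether remember-me is enabled ({@code true} by default). */
    @Override
    public boolean isRememberMeEnabled() {
        return rememberMeEnabled;
    }

    /** Enables or disables remember-me. */
    @ConfigProperty
    public DefaultSecurityConfig setRememberMeEnabled(boolean rememberMeEnabled) {
        this.rememberMeEnabled = rememberMeEnabled;
        return this;
    }

    /** Returns the remember-me secret. Secret material: do not log or expose the value. */
    @Override
    public String getRememberMeSecret() {
        return rememberMeSecret;
    }

    /**
     * Sets a dedicated remember-me secret; the argument is checked with {@code Args.notEmpty}.
     * Without a dedicated value, {@link #postConfigure(BeanFactory, AppConfig)} reuses the
     * token secret for remember-me.
     */
    @ConfigProperty
    public DefaultSecurityConfig setRememberMeSecret(String rememberMeSecret) {
        Args.notEmpty(rememberMeSecret);
        this.rememberMeSecret = rememberMeSecret;
        return this;
    }

    /** Returns the remember-me cookie name. */
    public String getRememberMeCookieName() {
        return rememberMeCookieName;
    }

    /** Sets the remember-me cookie name; the argument is checked with {@code Args.notEmpty}. */
    @ConfigProperty
    public DefaultSecurityConfig setRememberMeCookieName(String rememberMeCookieName) {
        Args.notEmpty(rememberMeCookieName);
        this.rememberMeCookieName = rememberMeCookieName;
        return this;
    }

    /** Returns the remember-me request parameter name. */
    public String getRememberMeParameterName() {
        return rememberMeParameterName;
    }

    /** Sets the remember-me parameter name; the argument is checked with {@code Args.notEmpty}. */
    @ConfigProperty
    public DefaultSecurityConfig setRememberMeParameterName(String rememberMeParameterName) {
        Args.notEmpty(rememberMeParameterName);
        this.rememberMeParameterName = rememberMeParameterName;
        return this;
    }

    /** Returns the name of the request parameter that carries the remember-me expiry. */
    public String getRememberMeExpiresParameterName() {
        return rememberMeExpiresParameterName;
    }

    /** Sets the remember-me expiry parameter name; checked with {@code Args.notEmpty}. */
    @ConfigProperty
    public DefaultSecurityConfig setRememberMeExpiresParameterName(String rememberMeExpiresParameterName) {
        Args.notEmpty(rememberMeExpiresParameterName);
        this.rememberMeExpiresParameterName = rememberMeExpiresParameterName;
        return this;
    }

    /** Returns the default remember-me lifetime (unit not visible here; confirm in SecurityConstants). */
    public int getDefaultRememberMeExpires() {
        return defaultRememberMeExpires;
    }

    /** Sets the default remember-me lifetime; must be greater than zero. */
    @ConfigProperty
    public DefaultSecurityConfig setDefaultRememberMeExpires(int defaultRememberExpires) {
        Args.assertTrue(defaultRememberExpires > 0, "Expires must be > 0");
        this.defaultRememberMeExpires = defaultRememberExpires;
        return this;
    }

    /** Returns the name of the header that carries the CSRF token. */
    @Override
    public String getCsrfHeaderName() {
        return csrfHeaderName;
    }

    /** Returns the name of the request parameter that carries the CSRF token. */
    @Override
    public String getCsrfParameterName() {
        return csrfParameterName;
    }

    /**
     * Sets the CSRF header name.
     *
     * <p>NOTE(review): unlike {@link #setCsrfParameterName(String)} this setter carries no
     * {@code @ConfigProperty}, and neither CSRF name setter validates its argument. Confirm
     * whether both are intentional.
     */
    public DefaultSecurityConfig setCsrfHeaderName(String csrfHeaderName) {
        this.csrfHeaderName = csrfHeaderName;
        return this;
    }

    /** Sets the CSRF parameter name (not validated). */
    @ConfigProperty
    public DefaultSecurityConfig setCsrfParameterName(String csrfParameterName) {
        this.csrfParameterName = csrfParameterName;
        return this;
    }

    /** Returns whether token authentication is enabled ({@code true} by default). */
    @Override
    public boolean isAuthenticationTokenEnabled() {
        return authenticationTokenEnabled;
    }

    /** Returns the default authentication lifetime; this class offers no setter for it. */
    @Override
    public int  getDefaultAuthenticationExpires() {
        return defaultAuthenticationExpires;
    }

    /** Returns the name of the cookie that carries the authentication token. */
    @Override
    public String getAuthenticationTokenCookieName() {
        return authenticationTokenCookieName;
    }

    /** Returns the name of the header that carries the authentication token. */
    public String getAuthenticationTokenHeaderName() {
        return authenticationTokenHeaderName;
    }

    /** Sets the authentication token header name (not validated). */
    @ConfigProperty
    public void setAuthenticationTokenHeaderName(String authenticationTokenHeaderName) {
        this.authenticationTokenHeaderName = authenticationTokenHeaderName;
    }

    /** Enables or disables token authentication. */
    @ConfigProperty
    public DefaultSecurityConfig setAuthenticationTokenEnabled(boolean authenticationTokenEnabled) {
        this.authenticationTokenEnabled = authenticationTokenEnabled;
        return this;
    }

    /** Sets the authentication token cookie name (not validated). */
    @ConfigProperty
    public void setAuthenticationTokenCookieName(String authenticationTokenCookieName) {
        this.authenticationTokenCookieName = authenticationTokenCookieName;
    }

    /** Returns the configured authentication token type. */
    public String getAuthenticationTokenType() {
        return authenticationTokenType;
    }

    /** Sets the authentication token type (not validated). */
    @ConfigProperty
    public void setAuthenticationTokenType(String authenticationTokenType) {
        this.authenticationTokenType = authenticationTokenType;
    }

    /** Returns the token secret. Secret material: do not log or expose the value. */
    public String getSecret() {
        return tokenSecret;
    }

    /**
     * Sets the token secret.
     *
     * <p>NOTE(review): unlike {@link #setRememberMeSecret(String)} this setter accepts null
     * or empty input. An empty value is only replaced inside
     * {@link #postConfigure(BeanFactory, AppConfig)}, so clearing the secret after that point
     * leaves it empty.
     */
    @ConfigProperty
    public void setTokenSecret(String tokenSecret) {
        this.tokenSecret = tokenSecret;
    }

    /** Returns the configured cookie domain, or {@code null} when none was set. */
    public String getCookieDomain() {
        return cookieDomain;
    }

    /** Sets the cookie domain (not validated). */
    @ConfigProperty
    public void setCookieDomain(String cookieDomain) {
        this.cookieDomain = cookieDomain;
    }

    /**
     * Returns the login URL. When none was configured, it is derived from the login action
     * by prepending {@code Renderable.ACTION_PREFIX}.
     */
    public String getLoginUrl() {
        if (null == loginUrl) {
            return Renderable.ACTION_PREFIX + loginAction;
        }
        return loginUrl;
    }

    /** Sets an explicit login URL; {@code null} restores the action-derived default. */
    @ConfigProperty
    public DefaultSecurityConfig setLoginUrl(String url) {
        this.loginUrl = url;
        return this;
    }

    /** Returns the login action path. */
    @Override
    public String getLoginAction() {
        return loginAction;
    }

    /** Returns the logout action path. */
    @Override
    public String getLogoutAction() {
        return logoutAction;
    }

    /** Returns the URL used after a successful logout. */
    public String getLogoutSuccessUrl() {
        return logoutSuccessUrl;
    }

    /** Sets the login action path (not validated). */
    @ConfigProperty
    public SecurityConfigurator setLoginAction(String path) {
        this.loginAction = path;
        return this;
    }

    /** Sets the logout action path (not validated; no {@code @ConfigProperty} on this setter). */
    @Override
    public SecurityConfigurator setLogoutAction(String path) {
        this.logoutAction = path;
        return this;
    }

    /** Sets the logout success URL; the argument is checked with {@code Args.notEmpty}. */
    @ConfigProperty
    public DefaultSecurityConfig setLogoutSuccessUrl(String url) {
        Args.notEmpty(url);
        this.logoutSuccessUrl = url;
        return this;
    }

    /**
     * Registers (or replaces) the failure handler for a path prefix. Prefixes are matched
     * case-insensitively as map keys, so a second registration that differs only in case
     * overwrites the first.
     */
    @Override
    public SecurityConfigurator setPathPrefixFailureHandler(String pathPrefix, SecurityFailureHandler failureHandler) {
        pathPrefixFailureHandlers.put(pathPrefix, failureHandler);
        return this;
    }

    /** Returns the current ignore rules. This is the shared internal array; do not modify it. */
    @Override
    public RequestIgnore[] getIgnores() {
        return ignoresArray;
    }

    /** Returns the live, mutable handler map; changes made by the caller affect this config. */
    @Override
    public Map<String, SecurityFailureHandler> getPathPrefixFailureHandlers() {
        return pathPrefixFailureHandlers;
    }

    /** Returns the injected {@link SecuredPaths} (same object as {@link #paths()}). */
    @Override
    public SecuredPaths getSecuredPaths() {
        return securedPaths;
    }

    /**
     * Adds an ignore rule for request paths matching the given Ant-style pattern and
     * republishes the rules as a new array.
     *
     * <p>How the rules are consumed is not visible here; presumably matching requests skip
     * the security checks, so keep patterns as narrow as possible (TODO confirm).
     */
    @Override
    public SecurityConfigurator ignore(String path) {
        AntPathPattern pattern = new AntPathPattern(path);
        ignores.add((req) -> pattern.matches(req.getPath()));
        ignoresArray = ignores.toArray(new RequestIgnore[ignores.size()]);
        return this;
    }

    /** Replaces the password encoder; the argument is checked with {@code Args.notNull}. */
    public SecurityConfigurator setPasswordEncoder(PasswordEncoder encoder) {
        Args.notNull(encoder, "password encoder");
        this.passwordEncoder = encoder;
        return this;
    }

    /** Returns the current {@link PasswordEncoder}. */
    @Override
    public PasswordEncoder getPasswordEncoder() {
        return passwordEncoder;
    }

    /**
     * Stores the bean factory and fills in any secret that is still empty.
     *
     * <p>An empty {@code tokenSecret} is taken from {@code config.ensureGetSecret()}. An empty
     * {@code rememberMeSecret} then defaults to {@code tokenSecret}, so unless a dedicated
     * remember-me secret is configured both features share one secret and disclosure of that
     * value affects both.
     */
    @Override
    public void postConfigure(BeanFactory factory, AppConfig config) throws Throwable {
        this.factory = factory;

        if (Strings.isEmpty(tokenSecret)) {
            tokenSecret = config.ensureGetSecret();
        }

        if (Strings.isEmpty(rememberMeSecret)) {
            rememberMeSecret = tokenSecret;
        }

        // Only reached when tokenSecret itself is still empty after the step above.
        if (Strings.isEmpty(rememberMeSecret)) {
            rememberMeSecret = config.ensureGetSecret();
        }

    }
}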



