• Home
• org.wallride
• wallride-core
• 1.0.0.M14
• source code
• WallRideSecurityConfiguration.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.wallride.autoconfigure.WallRideSecurityConfiguration Maven / Gradle / Ivy

/*
 * Copyright 2014 Tagbangers, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wallride.autoconfigure;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleHierarchyVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.StandardPasswordEncoder;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.wallride.service.AuthorizedUserDetailsService;
import org.wallride.web.support.BlogLanguageRedirectStrategy;

import javax.sql.DataSource;
import java.util.ArrayList;
import java.util.List;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WallRideSecurityConfiguration {

	@Autowired
	private DataSource dataSource;

	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		// @formatter:off
		auth
			.userDetailsService(authorizedUserDetailsService())
			.passwordEncoder(new StandardPasswordEncoder());
		// @formatter:on
	}

	@Configuration
	@Order(1)
	public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {

		@Autowired
		private AccessDecisionManager accessDecisionManager;
//		@Autowired
//		private SecurityExpressionHandler securityExpressionHandler;
		@Autowired
		private PersistentTokenRepository persistentTokenRepository;

		@Override
		public void configure(WebSecurity web) throws Exception {
			// @formatter:off
			web
				.ignoring()
					.antMatchers("/_admin/resources/**")
					.antMatchers("/_admin/webjars/**")
					.antMatchers("/_admin/setup**")
					.antMatchers("/_admin/signup**");
			// @formatter:on
		}

		@Override
		protected void configure(HttpSecurity http) throws Exception {
			// @formatter:off
			http.antMatcher("/_admin/**")
				.authorizeRequests()
					.accessDecisionManager(accessDecisionManager)
//		            .expressionHandler(securityExpressionHandler)
					.antMatchers("/_admin/**").hasRole("ADMIN")
					.and()
				.formLogin()
					.loginPage("/_admin/login").permitAll()
					.loginProcessingUrl("/_admin/login")
					.defaultSuccessUrl("/_admin/")
					.failureUrl("/_admin/login?failed")
					.and()
				.logout()
					.logoutRequestMatcher(new AntPathRequestMatcher("/_admin/logout", "GET"))
					.logoutSuccessUrl("/_admin/login")
					.and()
				.rememberMe()
					.tokenRepository(persistentTokenRepository)
					.and()
				.headers()
					.frameOptions().disable()
					.cacheControl().disable()
					.httpStrictTransportSecurity().disable()
					.and()
				.csrf()
					.disable()
				.exceptionHandling()
					.accessDeniedPage("/_admin/login");
//			if (environment.getProperty("security.require-ssl", Boolean.class, false)) {
//				List channelProcessors = new ArrayList<>();
//				channelProcessors.add(new ProxySecureChannelProcessor());
//				channelProcessors.add(new ProxyInsecureChannelProcessor());
//
//				http.requiresChannel()
//					.channelProcessors(channelProcessors)
//					.anyRequest().requiresSecure();
//			}
			// @formatter:on
		}
	}

	@Configuration
	@Order(2)
	public static class GuestSecurityConfig extends WebSecurityConfigurerAdapter {

		@Autowired
		private AccessDecisionManager accessDecisionManager;
//		@Autowired
//		private SecurityExpressionHandler securityExpressionHandler;
		@Autowired
		private PersistentTokenRepository persistentTokenRepository;

		@Override
		public void configure(WebSecurity web) throws Exception {
			// @formatter:off
			web
				.ignoring()
					.antMatchers("/resources/**")
					.antMatchers("/webjars/**");
			// @formatter:on
		}

		@Override
		protected void configure(HttpSecurity http) throws Exception {
			RedirectStrategy redirectStrategy = new BlogLanguageRedirectStrategy();

			SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
			successHandler.setRedirectStrategy(redirectStrategy);
			successHandler.setDefaultTargetUrl("/");

			SimpleUrlAuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler("/login?failed");
			failureHandler.setRedirectStrategy(redirectStrategy);

			SimpleUrlLogoutSuccessHandler logoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
			logoutSuccessHandler.setRedirectStrategy(redirectStrategy);
			logoutSuccessHandler.setDefaultTargetUrl("/");

			// @formatter:off
			http.antMatcher("/**")
				.authorizeRequests()
					.accessDecisionManager(accessDecisionManager)
//		            .expressionHandler(securityExpressionHandler)
					.antMatchers("/settings/**").hasRole("VIEWER")
					.antMatchers("/comments/**").hasRole("VIEWER")
					.and()
				.formLogin()
					.loginPage("/login").permitAll()
					.loginProcessingUrl("/login")
					.successHandler(successHandler)
					.failureHandler(failureHandler)
					.and()
				.logout()
					.logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
					.logoutSuccessHandler(logoutSuccessHandler)
					.and()
				.rememberMe()
					.tokenRepository(persistentTokenRepository)
					.and()
				.headers()
					.frameOptions().disable()
					.cacheControl().disable()
					.httpStrictTransportSecurity().disable()
					.and()
				.csrf()
					.disable()
				.exceptionHandling()
					.accessDeniedPage("/login");
//			if (environment.getProperty("security.require-ssl", Boolean.class, false)) {
//				List channelProcessors = new ArrayList<>();
//				channelProcessors.add(new ProxySecureChannelProcessor());
//				channelProcessors.add(new ProxyInsecureChannelProcessor());
//
//				http.requiresChannel()
//					.channelProcessors(channelProcessors)
//					.anyRequest().requiresSecure();
//			}
			// @formatter:on
		}
	}

	@Bean
	public UserDetailsService authorizedUserDetailsService() {
		return new AuthorizedUserDetailsService();
	}

	@Bean
	public AffirmativeBased accessDecisionManager() {
		List> accessDecisionVoters = new ArrayList<>();
		accessDecisionVoters.add(roleVoter());
		accessDecisionVoters.add(webExpressionVoter());

		AffirmativeBased accessDecisionManager = new AffirmativeBased(accessDecisionVoters);
		return accessDecisionManager;
	}

	@Bean
	public WebExpressionVoter webExpressionVoter() {
		WebExpressionVoter webExpressionVoter = new WebExpressionVoter();
		webExpressionVoter.setExpressionHandler(webSecurityExpressionHandler());
		return webExpressionVoter;
	}

	@Bean
	public DefaultWebSecurityExpressionHandler webSecurityExpressionHandler() {
		DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
		defaultWebSecurityExpressionHandler.setRoleHierarchy(roleHierarchy());
		return defaultWebSecurityExpressionHandler;
	}

	@Bean
	public RoleHierarchy roleHierarchy() {
		RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
		hierarchy.setHierarchy("ROLE_ADMIN > ROLE_VIEWER");
		return hierarchy;
	}

	@Bean
	public RoleVoter roleVoter() {
		return new RoleHierarchyVoter(roleHierarchy());
	}

	@Bean
	public PersistentTokenRepository persistentTokenRepository() {
		JdbcTokenRepositoryImpl repository = new JdbcTokenRepositoryImpl();
		repository.setDataSource(dataSource);
		return repository;
	}
}