86 lines
3.8 KiB
Java
86 lines
3.8 KiB
Java
package ru.ulstu.configuration;
|
|
|
|
import org.slf4j.Logger;
|
|
import org.slf4j.LoggerFactory;
|
|
import org.springframework.beans.factory.BeanInitializationException;
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
|
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
|
import ru.ulstu.model.UserRoleConstants;
|
|
import ru.ulstu.user.UserService;
|
|
|
|
@Configuration
|
|
@EnableWebSecurity
|
|
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
|
|
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
|
|
|
|
private final UserService userService;
|
|
private final BCryptPasswordEncoder bCryptPasswordEncoder;
|
|
private final AuthenticationSuccessHandler authenticationSuccessHandler;
|
|
private final LogoutSuccessHandler logoutSuccessHandler;
|
|
|
|
public SecurityConfiguration(UserService userService,
|
|
BCryptPasswordEncoder bCryptPasswordEncoder,
|
|
AuthenticationSuccessHandler authenticationSuccessHandler,
|
|
LogoutSuccessHandler logoutSuccessHandler) {
|
|
this.userService = userService;
|
|
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
|
|
this.authenticationSuccessHandler = authenticationSuccessHandler;
|
|
this.logoutSuccessHandler = logoutSuccessHandler;
|
|
}
|
|
|
|
@Override
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
http.csrf().disable();
|
|
http.headers().frameOptions().disable();
|
|
log.debug("Security enabled");
|
|
http.authorizeRequests()
|
|
.antMatchers("/").permitAll()
|
|
.antMatchers("/login", "/index", "/news/**", "/h2-console/*", "/h2-console").permitAll()
|
|
.antMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
|
|
.anyRequest().authenticated()
|
|
.and()
|
|
.formLogin()
|
|
.loginPage("/login")
|
|
.failureUrl("/loginError")
|
|
.successHandler(authenticationSuccessHandler)
|
|
.permitAll()
|
|
.and()
|
|
.logout()
|
|
.logoutSuccessHandler(logoutSuccessHandler)
|
|
.logoutSuccessUrl(Constants.LOGOUT_URL)
|
|
.invalidateHttpSession(false)
|
|
.clearAuthentication(true)
|
|
.deleteCookies(Constants.COOKIES_NAME)
|
|
.permitAll();
|
|
}
|
|
|
|
@Override
|
|
public void configure(WebSecurity web) {
|
|
web.ignoring()
|
|
.antMatchers("/css/**")
|
|
.antMatchers("/js/**")
|
|
.antMatchers("/img/**")
|
|
.antMatchers("/templates/**")
|
|
.antMatchers("/webjars/**");
|
|
}
|
|
|
|
@Autowired
|
|
public void configureGlobal(AuthenticationManagerBuilder auth) {
|
|
try {
|
|
auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder);
|
|
} catch (Exception e) {
|
|
throw new BeanInitializationException("Security configuration failed", e);
|
|
}
|
|
}
|
|
}
|