Created
July 13, 2018 10:20
-
-
Save RemiBou/fe3a28644cddf8b4e72ad9fdeb26d24e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * The security configuration. | |
| * <P> | |
| * @author Pangee. | |
| * @version 1.0.0-SNAPSHOT | |
| */ | |
| @Configuration | |
| @EnableWebSecurity | |
| @EnableRedisHttpSession | |
| @EnableGlobalMethodSecurity(prePostEnabled = true) | |
| public class SecurityConfiguration extends WebSecurityConfigurerAdapter { | |
| /** | |
| * The security service. | |
| */ | |
| @Inject | |
| private ISecurityService securityService; | |
| /** | |
| * The session repository manager. | |
| */ | |
| @Inject | |
| private SessionRepository sessionRepository; | |
| /** | |
| * The redis connection factory. | |
| */ | |
| @Inject | |
| private RedisConnectionFactory redisConnectionFactory; | |
| /** | |
| * The HMAC key to handle production details. | |
| */ | |
| @Value("${security.mobile.hmacKey}") | |
| private String securityMobileHmacKey; | |
| /** | |
| * The unauthorized entry point. | |
| * @return an entry point raising 403 if access is not authorized. | |
| */ | |
| @Bean | |
| public AuthenticationEntryPoint unauthorizedEntryPoint() { | |
| return new UnauthorizedEntryPoint(); | |
| } | |
| /** | |
| * The access denied handler. | |
| * @return an handler raising 403 if access is not authorized. | |
| */ | |
| @Bean | |
| public AccessDeniedHandler accessDeniedHandler() { | |
| return new UnauthorizedEntryPoint(); | |
| } | |
| /** | |
| * The authentication manager. | |
| * @return an handler to the authentication manager. | |
| * @throws Exception if an error occurs. | |
| */ | |
| @Bean | |
| public AuthenticationManager appAuthenticationManager() | |
| throws Exception { | |
| return super.authenticationManagerBean(); | |
| } | |
| /** | |
| * Use a HTTP Header strategy with token based authentication. | |
| * @return an instance of {@link HeaderHttpSessionStrategy}. | |
| */ | |
| @Bean | |
| public HttpSessionStrategy httpSessionStrategy() { | |
| return new HeaderHttpSessionStrategy(); | |
| } | |
| /** | |
| * The BCrypt password encoder. | |
| * @return the BCrypt password encoder. | |
| */ | |
| @Bean | |
| public PasswordEncoder passwordEncoder() { | |
| return new BCryptPasswordEncoder(8); | |
| } | |
| /** | |
| * A custom basic authentication filter. | |
| * @return an instance of the filter. | |
| * @throws Exception if {@link SecurityConfiguration#appAuthenticationManager()} | |
| * throws an exception. | |
| */ | |
| @Bean | |
| public CustomBasicAuthenticationFilter customBasicAuthenticationFilter() | |
| throws Exception { | |
| return new CustomBasicAuthenticationFilter(appAuthenticationManager()); | |
| } | |
| /** | |
| * Build a DAO authentication provider. | |
| * @return the DAO authentication provider. | |
| */ | |
| @Bean | |
| public DaoAuthenticationProvider daoAuthenticationProvider() { | |
| DaoAuthenticationProvider dao = new DaoAuthenticationProvider(); | |
| dao.setUserDetailsService(securityService); | |
| dao.setPasswordEncoder(passwordEncoder()); | |
| return dao; | |
| } | |
| /** | |
| * Configure the session repository filter. | |
| * @return the session repository filter. | |
| */ | |
| @Bean | |
| public SessionRepositoryFilter<? extends ExpiringSession> springSessionRepositoryFilter() { | |
| SessionRepositoryFilter<? extends ExpiringSession> springSessionRepositoryFilter = | |
| new SessionRepositoryFilter<>(sessionRepository); | |
| springSessionRepositoryFilter.setHttpSessionStrategy(httpSessionStrategy()); | |
| return springSessionRepositoryFilter; | |
| } | |
| /** | |
| * The redis template used for pre-auth user details. | |
| * @return the redis template. | |
| */ | |
| @Bean | |
| public RedisTemplate<String, UserDetails> preAuthUserDetailsRedisTemplate() { | |
| RedisTemplate<String, UserDetails> redisTemplate = new RedisTemplate<>(); | |
| redisTemplate.setConnectionFactory(redisConnectionFactory); | |
| return redisTemplate; | |
| } | |
| /** | |
| * Builds a pre-authenticated authentication provider. | |
| * @return the authentication provider. | |
| */ | |
| @Bean | |
| public PreAuthenticationUserDetailsService preAuthUserDetailsService() { | |
| PreAuthenticationUserDetailsService preAuthUserDetailsService = | |
| new PreAuthenticationUserDetailsService(); | |
| preAuthUserDetailsService.setRedisTemplate(preAuthUserDetailsRedisTemplate()); | |
| preAuthUserDetailsService.setHmacKey(securityMobileHmacKey); | |
| return preAuthUserDetailsService; | |
| } | |
| /** | |
| * Builds a pre-authenticated authentication provider. | |
| * @return the authentication provider. | |
| */ | |
| @Bean | |
| public PreAuthenticatedAuthenticationProvider preAuthenticatedAuthenticationProvider() { | |
| PreAuthenticatedAuthenticationProvider preAuthProvider = new PreAuthenticatedAuthenticationProvider(); | |
| preAuthProvider.setPreAuthenticatedUserDetailsService(preAuthUserDetailsService()); | |
| return preAuthProvider; | |
| } | |
| @Bean | |
| public AuthenticationByTokenProvider authenticationByTokenProvider() { | |
| AuthenticationByTokenProvider authenticationByTokenProvider = new AuthenticationByTokenProvider(); | |
| authenticationByTokenProvider.setUserDetailsService(securityService); | |
| return authenticationByTokenProvider; | |
| } | |
| /** | |
| * Builds a pre-authenticated request header authentication filter. | |
| * @return the pre-authenticated request header authentication filter. | |
| * @throws Exception if an error occurs. | |
| */ | |
| @Bean | |
| public RequestHeaderAuthenticationFilter preAuthenticationRequestHeaderAuthenticationFilter() | |
| throws Exception { | |
| RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter = | |
| new MobileOriginRequestHeaderAuthenticationFilter(); | |
| requestHeaderAuthenticationFilter.setAuthenticationManager(appAuthenticationManager()); | |
| return requestHeaderAuthenticationFilter; | |
| } | |
| /** | |
| * Gets the language country header filter. | |
| * @return the language country header filter. | |
| */ | |
| @Bean | |
| public LanguageCountryHeaderFilter languageCountryHeaderFilter() { | |
| return new LanguageCountryHeaderFilter(); | |
| } | |
| /** | |
| * {@inheritDoc} | |
| */ | |
| @Override | |
| protected void configure(HttpSecurity http) | |
| throws Exception { | |
| // @formatter:off | |
| http | |
| .addFilterBefore(super.getApplicationContext().getBean(LanguageCountryHeaderFilter.class), ChannelProcessingFilter.class) | |
| .addFilterBefore(super.getApplicationContext().getBean(SessionRepositoryFilter.class), ChannelProcessingFilter.class) | |
| .addFilterBefore(super.getApplicationContext().getBean(RequestHeaderAuthenticationFilter.class), AnonymousAuthenticationFilter.class) | |
| .addFilter(super.getApplicationContext().getBean(CustomBasicAuthenticationFilter.class)) | |
| .requestCache() | |
| .requestCache(new NullRequestCache()) | |
| .and() | |
| .httpBasic() | |
| .authenticationEntryPoint(unauthorizedEntryPoint()) | |
| .and() | |
| .exceptionHandling() | |
| .authenticationEntryPoint(unauthorizedEntryPoint()) | |
| .accessDeniedHandler(accessDeniedHandler()) | |
| .and() | |
| .csrf().disable(); | |
| // @formatter:on | |
| } | |
| /** | |
| * {@inheritDoc} | |
| */ | |
| @Override | |
| protected void configure(AuthenticationManagerBuilder auth) | |
| throws Exception { | |
| auth.authenticationProvider(preAuthenticatedAuthenticationProvider()) | |
| .authenticationProvider(daoAuthenticationProvider()) | |
| .authenticationProvider(authenticationByTokenProvider()); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment