diff options
author | Vitaly Takmazov | 2016-11-25 13:20:15 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2016-11-25 13:20:15 +0300 |
commit | 55b09a6a3bc4a21201189d855e140308f05016fb (patch) | |
tree | 543c880aaf15bf396eca6255bd816fb7d5dc9f12 /juick-api/src/main/java/com/juick/api/configuration | |
parent | efe9b6d78c9aac2b92afe2d55d2f33e4b5e6d179 (diff) |
juick-api: security WIP
Diffstat (limited to 'juick-api/src/main/java/com/juick/api/configuration')
3 files changed, 90 insertions, 1 deletions
diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiInitializer.java b/juick-api/src/main/java/com/juick/api/configuration/ApiInitializer.java index f5ba4ff1..2dc25e66 100644 --- a/juick-api/src/main/java/com/juick/api/configuration/ApiInitializer.java +++ b/juick-api/src/main/java/com/juick/api/configuration/ApiInitializer.java @@ -17,7 +17,7 @@ public class ApiInitializer extends AbstractAnnotationConfigDispatcherServletIni @Override protected Class<?>[] getServletConfigClasses() { - return new Class<?>[]{ApiMvcConfiguration.class}; + return new Class<?>[]{ApiMvcConfiguration.class, ApiSecurityConfig.class}; } @Override diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java new file mode 100644 index 00000000..c0043950 --- /dev/null +++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java @@ -0,0 +1,79 @@ +package com.juick.api.configuration; + +import com.juick.server.security.JuickAuthenticationEntryPoint; +import com.juick.server.security.JuickAuthenticationProvider; +import com.juick.server.security.entities.JuickUser; +import com.juick.service.UserService; +import org.apache.commons.lang3.StringUtils; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.PropertySource; +import org.springframework.core.env.Environment; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.builders.WebSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; + +import javax.annotation.Resource; +import javax.inject.Inject; + +/** + * Created by aalexeev on 11/21/16. + */ +@Configuration +@EnableWebSecurity +@PropertySource("classpath:juick.conf") +public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { + @Resource + private Environment env; + @Resource + private UserService userService; + + protected ApiSecurityConfig() { + super(true); + } + + @Bean + public JuickAuthenticationEntryPoint getBasicAuthEntryPoint(){ + return new JuickAuthenticationEntryPoint(); + } + + @Bean("userDetailsService") + @Override + public UserDetailsService userDetailsServiceBean() throws Exception { + return username -> { + if (StringUtils.isBlank(username)) + throw new UsernameNotFoundException("Invalid user name " + username); + + com.juick.User user = userService.getUserByName(username); + + if (user != null) + return new JuickUser(user); + + throw new UsernameNotFoundException("The username " + username + " is not found"); + }; + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + http + .authorizeRequests() + .antMatchers("/home").hasRole("USER") + .and().httpBasic().authenticationEntryPoint(new JuickAuthenticationEntryPoint()) + .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); + } + + @Inject + public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception { + auth.authenticationProvider(new JuickAuthenticationProvider()); + } + @Override + public void configure(WebSecurity web) throws Exception { + web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**"); + } +} diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityInitializer.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityInitializer.java new file mode 100644 index 00000000..295e367c --- /dev/null +++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityInitializer.java @@ -0,0 +1,10 @@ +package com.juick.api.configuration; + +/** + * Created by vitalyster on 25.11.2016. + */ +import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; + +public class ApiSecurityInitializer extends AbstractSecurityWebApplicationInitializer { + +} |