diff options
author | Vitaly Takmazov | 2017-03-29 14:11:46 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2017-03-29 14:11:46 +0300 |
commit | 9f770c26d1e4f392d591bf35886e3dcc7371d64f (patch) | |
tree | 5fccb22b5c01b40d81a111de61e5fbf27f55a18f /juick-www/src/main/java/com/juick/www/configuration | |
parent | 889a5e543d33e3305bccd77e52722da695e068f7 (diff) |
juick-www: Spring Security
Diffstat (limited to 'juick-www/src/main/java/com/juick/www/configuration')
3 files changed, 85 insertions, 1 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java new file mode 100644 index 00000000..9d603da8 --- /dev/null +++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java @@ -0,0 +1,63 @@ +package com.juick.www.configuration; + +import com.juick.server.security.entities.JuickUser; +import com.juick.service.UserService; +import com.juick.service.security.JuickUserDetailsService; +import org.springframework.context.annotation.Bean; +import org.springframework.core.env.Environment; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.UserDetailsService; + +import javax.annotation.Resource; + +/** + * Created by aalexeev on 11/21/16. + */ +@EnableWebSecurity +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + @Resource + private Environment env; + @Resource + private UserService userService; + + @Bean("userDetailsService") + @Override + public UserDetailsService userDetailsServiceBean() throws Exception { + return new JuickUserDetailsService(userService); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + http + .authorizeRequests() + .antMatchers("/settings", "/pm/**").authenticated() + .anyRequest().permitAll() + .and() + .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY) + .and() + .sessionManagement().invalidSessionUrl("/") + .and() + .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/") + .and() + .formLogin() + .loginPage("/login") + .permitAll() + .defaultSuccessUrl("/") + .loginProcessingUrl("/login") + .usernameParameter("username") + .passwordParameter("password") + .failureUrl("/login-error") + .and() + .rememberMe() + .tokenValiditySeconds(6 * 30 * 24 * 3600) + .alwaysRemember(true) + //.useSecureCookie(true) // TODO Enable if https is supports + .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com")) + .userDetailsService(userDetailsServiceBean()) + .key(env.getProperty("auth_remember_me_key")) + .and() + .csrf().disable(); + } +} diff --git a/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java b/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java index 204d8c6c..138c7121 100644 --- a/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java +++ b/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java @@ -21,7 +21,8 @@ public class WwwInitializer extends AbstractAnnotationConfigDispatcherServletIni WwwAppConfiguration.class, DataConfiguration.class, SearchConfiguration.class, - SapeConfiguration.class + SapeConfiguration.class, + WebSecurityConfig.class }; } diff --git a/juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java b/juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java new file mode 100644 index 00000000..0ea8c907 --- /dev/null +++ b/juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java @@ -0,0 +1,20 @@ +package com.juick.www.configuration; + +/** + * Created by vitalyster on 25.11.2016. + */ + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; + +import javax.servlet.ServletContext; + +public class WwwSecurityInitializer extends AbstractSecurityWebApplicationInitializer { + private final Logger logger = LoggerFactory.getLogger(getClass()); + + @Override + protected void afterSpringSecurityFilterChain(ServletContext servletContext) { + logger.info("SpringSecurityFilterChain initialized"); + } +} |