path: root/juick-www/src/main/java/com/juick/www/configuration
authorGravatar Vitaly Takmazov2017-03-29 14:11:46 +0300
committerGravatar Vitaly Takmazov2017-03-29 14:11:46 +0300
commit9f770c26d1e4f392d591bf35886e3dcc7371d64f (patch)
tree5fccb22b5c01b40d81a111de61e5fbf27f55a18f /juick-www/src/main/java/com/juick/www/configuration
parent889a5e543d33e3305bccd77e52722da695e068f7 (diff)
juick-www: Spring Security
Diffstat (limited to 'juick-www/src/main/java/com/juick/www/configuration')
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java63
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java3
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java20
3 files changed, 85 insertions, 1 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
new file mode 100644
index 00000000..9d603da8
--- /dev/null
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -0,0 +1,63 @@
+package com.juick.www.configuration;
+
+import com.juick.server.security.entities.JuickUser;
+import com.juick.service.UserService;
+import com.juick.service.security.JuickUserDetailsService;
+import org.springframework.context.annotation.Bean;
+import org.springframework.core.env.Environment;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+
+import javax.annotation.Resource;
+
+/**
+ * Created by aalexeev on 11/21/16.
+ */
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+ @Resource
+ private Environment env;
+ @Resource
+ private UserService userService;
+
+ @Bean("userDetailsService")
+ @Override
+ public UserDetailsService userDetailsServiceBean() throws Exception {
+ return new JuickUserDetailsService(userService);
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .authorizeRequests()
+ .antMatchers("/settings", "/pm/**").authenticated()
+ .anyRequest().permitAll()
+ .and()
+ .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
+ .and()
+ .sessionManagement().invalidSessionUrl("/")
+ .and()
+ .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
+ .and()
+ .formLogin()
+ .loginPage("/login")
+ .permitAll()
+ .defaultSuccessUrl("/")
+ .loginProcessingUrl("/login")
+ .usernameParameter("username")
+ .passwordParameter("password")
+ .failureUrl("/login-error")
+ .and()
+ .rememberMe()
+ .tokenValiditySeconds(6 * 30 * 24 * 3600)
+ .alwaysRemember(true)
+ //.useSecureCookie(true) // TODO Enable if https is supports
+ .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com"))
+ .userDetailsService(userDetailsServiceBean())
+ .key(env.getProperty("auth_remember_me_key"))
+ .and()
+ .csrf().disable();
+ }
+}
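Review bot: The chain in `configure` ends with `.csrf().disable()`, which turns off CSRF protection for an application that authenticates with session and remember-me cookies; any state-changing handler behind `/settings` or `/pm/**` (presumably there are some) can then be triggered by a cross-site request from a logged-in user's browser. Dropping the final `.and().csrf().disable()` keeps Spring Security's default token check, at the cost that the forms must carry the `_csrf` parameter and `/logout` becomes POST-only. Separately, the remember-me cookie is valid for about six months, is issued on every login through `alwaysRemember(true)`, and is not marked Secure while `useSecureCookie` stays commented out, so the HTTPS follow-up named in the TODO matters here. `env.getProperty("auth_remember_me_key")` has no default and no null check; `.key(env.getRequiredProperty("auth_remember_me_key"))` would fail startup instead of running without a configured key.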
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java b/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java
index 204d8c6c..138c7121 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java
@@ -21,7 +21,8 @@ public class WwwInitializer extends AbstractAnnotationConfigDispatcherServletIni
WwwAppConfiguration.class,
DataConfiguration.class,
SearchConfiguration.class,
- SapeConfiguration.class
+ SapeConfiguration.class,
+ WebSecurityConfig.class
};
}
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java b/juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
new file mode 100644
index 00000000..0ea8c907
--- /dev/null
+++ b/juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
@@ -0,0 +1,20 @@
+package com.juick.www.configuration;
+
+/**
+ * Created by vitalyster on 25.11.2016.
+ */
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+
+import javax.servlet.ServletContext;
+
+public class WwwSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
+ private final Logger logger = LoggerFactory.getLogger(getClass());
+
+ @Override
+ protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
+ logger.info("SpringSecurityFilterChain initialized");
+ }
+}
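Review bot: The message `SpringSecurityFilterChain initialized` overstates what this hook proves, because `afterSpringSecurityFilterChain` runs once the filter has been registered with the servlet context; it says nothing about whether the rules in `WebSecurityConfig` were applied, so the line should not be read as evidence that they are active. A wording such as `logger.info("springSecurityFilterChain registered");` is closer to what happened. The logger can also be `private static final Logger logger = LoggerFactory.getLogger(WwwSecurityInitializer.class);`. The `Created by` comment sits above the imports, where it documents nothing; a class Javadoc stating that this initializer registers the Spring Security filter would serve better.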