aboutsummaryrefslogtreecommitdiff
path: root/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
diff options
context:
space:
mode:
Diffstat (limited to 'juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java')
-rw-r--r--juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java124
1 files changed, 124 insertions, 0 deletions
diff --git a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
new file mode 100644
index 00000000..3809090e
--- /dev/null
+++ b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.configuration;
+
+import com.juick.service.UserService;
+import com.juick.service.security.JuickUserDetailsService;
+import com.juick.service.security.NotAuthorizedAuthenticationEntryPoint;
+import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import javax.inject.Inject;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * Created by aalexeev on 11/21/16.
+ */
+@Configuration
+@EnableWebSecurity
+public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
+ @Value("${auth_remember_me_key:secret}")
+ private String rememberMeKey;
+ @Inject
+ private UserService userService;
+
+ ApiSecurityConfig() {
+ super(true);
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests()
+ .antMatchers(HttpMethod.OPTIONS).permitAll()
+ .antMatchers("/", "/messages", "/users", "/thread", "/tags", "/tlgmbtwbhk", "/fbwbhk",
+ "/skypebotendpoint").permitAll()
+ .anyRequest().hasRole("USER")
+ .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+ .and().anonymous()
+ .and().cors().configurationSource(corsConfigurationSource())
+ .and().servletApi()
+ .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+ .and()
+ .rememberMe()
+ .alwaysRemember(true)
+ .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30))
+ .rememberMeServices(rememberMeServices())
+ .key(rememberMeKey)
+ .and().authenticationProvider(authenticationProvider())
+ .headers().defaultsDisabled().cacheControl();
+ }
+
+ @Bean
+ public DaoAuthenticationProvider authenticationProvider() {
+ DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
+
+ authenticationProvider.setUserDetailsService(userDetailsService());
+
+ return authenticationProvider;
+ }
+
+ @Bean
+ public JuickUserDetailsService userDetailsService() {
+ return new JuickUserDetailsService(userService);
+ }
+
+ @Bean
+ public RememberMeServices rememberMeServices() {
+ return new RequestParamHashRememberMeServices(rememberMeKey, userService);
+ }
+
+ @Bean
+ public NotAuthorizedAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
+ return new NotAuthorizedAuthenticationEntryPoint();
+ }
+
+ @Bean
+ public CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+
+ configuration.setAllowedOrigins(Collections.singletonList("*"));
+ configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
+ configuration.setAllowedHeaders(Collections.singletonList("*"));
+
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration);
+
+ return source;
+ }
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**",
+ "/configuration/**", "/swagger-ui.html", "/webjars/**", "/ws/**", "/rss/**");
+ }
+}