diff options
Diffstat (limited to 'juick-spring-www/src/main/java/com/juick/www/configuration')
3 files changed, 109 insertions, 20 deletions
diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java new file mode 100644 index 00000000..65d07dba --- /dev/null +++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java @@ -0,0 +1,85 @@ +package com.juick.www.configuration; + +import com.juick.service.UserService; +import com.juick.www.entity.JuickUser; +import org.apache.commons.lang3.StringUtils; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.PropertySource; +import org.springframework.core.env.Environment; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; + +import javax.annotation.Resource; + +/** + * Created by aalexeev on 11/21/16. + */ +@EnableWebSecurity +@PropertySource("classpath:juick.conf") +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + @Resource + private Environment env; + @Resource + private UserService userService; + + protected WebSecurityConfig() { + super(true); + } + + @Bean("authManager") + @Override + public AuthenticationManager authenticationManagerBean() throws Exception { + return super.authenticationManagerBean(); + } + + @Bean("userDetailsService") + @Override + public UserDetailsService userDetailsServiceBean() throws Exception { + return username -> { + if (StringUtils.isBlank(username)) + throw new UsernameNotFoundException("Invalid user name " + username); + + com.juick.User user = userService.getUserByName(username); + + if (user != null) + return new JuickUser(user); + + throw new UsernameNotFoundException("The username " + username + " is not found"); + }; + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + http + .authorizeRequests() + .antMatchers("/settings", "/pm/**").authenticated() + .anyRequest().authenticated() + .and() + .anonymous() + .authorities("ROLE_ANONYM") + .and() + .logout() + .invalidateHttpSession(true) + .logoutUrl("/logout") + .logoutSuccessUrl("/") + .and() + .formLogin() + .loginPage("/login") + .permitAll() + .defaultSuccessUrl("/") + .failureForwardUrl("/login") + .and() + .rememberMe() + .tokenValiditySeconds(6 * 30 * 24 * 3600) + .alwaysRemember(true) + .useSecureCookie(true) + .rememberMeCookieName(env.getProperty("auth_cookie_name", "hash")) + .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com")) + .and() + .csrf().disable(); + } +} diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WwwInitializer.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WwwInitializer.java index 852ec554..6b7b4ebc 100644 --- a/juick-spring-www/src/main/java/com/juick/www/configuration/WwwInitializer.java +++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WwwInitializer.java @@ -6,6 +6,9 @@ import org.springframework.web.filter.CharacterEncodingFilter; import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer; import javax.servlet.Filter; +import javax.servlet.FilterRegistration; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; /** * Created by aalexeev on 11/20/16. @@ -14,7 +17,7 @@ public class WwwInitializer extends AbstractAnnotationConfigDispatcherServletIni @Override protected Class<?>[] getRootConfigClasses() { - return new Class<?>[]{DataConfiguration.class, SearchConfiguration.class}; + return new Class<?>[]{DataConfiguration.class, SearchConfiguration.class, WebSecurityConfig.class}; } @Override @@ -28,16 +31,23 @@ public class WwwInitializer extends AbstractAnnotationConfigDispatcherServletIni } @Override - protected Filter[] getServletFilters() { - CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter(); - characterEncodingFilter.setEncoding("UTF-8"); - - return new Filter[]{characterEncodingFilter}; + protected String getServletName() { + return "WWW-spring dispatcher servlet"; } @Override - protected String getServletName() { - return "WWW-spring dispatcher servlet"; + public void onStartup(ServletContext servletContext) throws ServletException { + super.onStartup(servletContext); + + CharacterEncodingFilter encodingFilter = new CharacterEncodingFilter(); + + encodingFilter.setEncoding("UTF-8"); + encodingFilter.setForceEncoding(true); + + FilterRegistration.Dynamic registration = servletContext.addFilter( + "encodingFilter", new CharacterEncodingFilter()); + + registration.addMappingForUrlPatterns(null, true, "/*"); } } diff --git a/juick-spring-www/src/main/java/com/juick/www/configuration/WwwServletConfiguration.java b/juick-spring-www/src/main/java/com/juick/www/configuration/WwwServletConfiguration.java index 8edc1b6c..01cee39f 100644 --- a/juick-spring-www/src/main/java/com/juick/www/configuration/WwwServletConfiguration.java +++ b/juick-spring-www/src/main/java/com/juick/www/configuration/WwwServletConfiguration.java @@ -6,14 +6,13 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; -import org.springframework.context.support.ReloadableResourceBundleMessageSource; import org.springframework.context.support.ResourceBundleMessageSource; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder; import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; +import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport; -import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; import org.thymeleaf.spring4.SpringTemplateEngine; import org.thymeleaf.spring4.templateresolver.SpringResourceTemplateResolver; import org.thymeleaf.spring4.view.ThymeleafViewResolver; @@ -64,20 +63,10 @@ public class WwwServletConfiguration extends WebMvcConfigurationSupport { public ThymeleafViewResolver viewResolver() { ThymeleafViewResolver viewResolver = new ThymeleafViewResolver(); viewResolver.setTemplateEngine(templateEngine()); - // NOTE 'order' and 'viewNames' are optional - viewResolver.setOrder(1); - viewResolver.setViewNames(new String[]{".html", ".xhtml"}); return viewResolver; } @Override - public RequestMappingHandlerMapping requestMappingHandlerMapping() { - RequestMappingHandlerMapping mapping = super.requestMappingHandlerMapping(); - mapping.setUseSuffixPatternMatch(false); - return mapping; - } - - @Override protected void configureMessageConverters(List<HttpMessageConverter<?>> converters) { Jackson2ObjectMapperBuilder builder = new Jackson2ObjectMapperBuilder() .serializationInclusion(JsonInclude.Include.NON_DEFAULT) @@ -97,6 +86,7 @@ public class WwwServletConfiguration extends WebMvcConfigurationSupport { registry.setOrder(0); registry.addResourceHandler("/scripts.js").addResourceLocations("/"); registry.addResourceHandler("/style.css").addResourceLocations("/"); + registry.addResourceHandler("/favicon.ico").addResourceLocations("/static/favicon.ico"); } @Bean @@ -109,4 +99,8 @@ public class WwwServletConfiguration extends WebMvcConfigurationSupport { return messageSource; } + + @Override + protected void addViewControllers(ViewControllerRegistry registry) { + } } |