diff options
Diffstat (limited to 'juick-www/src/main/java/com/juick/configuration/WebSecurityConfig.java')
-rw-r--r-- | juick-www/src/main/java/com/juick/configuration/WebSecurityConfig.java | 140 |
1 files changed, 140 insertions, 0 deletions
diff --git a/juick-www/src/main/java/com/juick/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/configuration/WebSecurityConfig.java new file mode 100644 index 00000000..92f43e64 --- /dev/null +++ b/juick-www/src/main/java/com/juick/configuration/WebSecurityConfig.java @@ -0,0 +1,140 @@ +/* + * Copyright (C) 2008-2017, Juick + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +package com.juick.configuration; + +import com.juick.service.UserService; +import com.juick.service.security.HashParamAuthenticationFilter; +import com.juick.service.security.JuickUserDetailsService; +import com.juick.service.security.entities.JuickUser; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.dao.DaoAuthenticationProvider; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.builders.WebSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.web.authentication.RememberMeServices; +import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices; +import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; + +import javax.annotation.Resource; + +/** + * Created by aalexeev on 11/21/16. + */ +@EnableWebSecurity +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + @Value("${auth_remember_me_key:secret}") + private String rememberMeKey; + @Value("${web_domain:localhost}") + private String webDomain; + @Resource + private UserService userService; + + private final String COOKIE_NAME = "juick-remember-me"; + + @Bean("userDetailsService") + @Override + public UserDetailsService userDetailsServiceBean() throws Exception { + return super.userDetailsServiceBean(); + } + + @Override + public UserDetailsService userDetailsService() { + return new JuickUserDetailsService(userService); + } + + @Bean("authenticationManager") + @Override + public AuthenticationManager authenticationManagerBean() throws Exception { + return super.authenticationManagerBean(); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.addFilterAfter(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class); + http + .authorizeRequests() + .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/comment") + .authenticated() + .anyRequest().permitAll() + .and() + .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY) + .and() + .sessionManagement().invalidSessionUrl("/") + .and() + .logout() + .invalidateHttpSession(true) + .logoutUrl("/logout") + .logoutSuccessUrl("/login?logout") + .deleteCookies("hash", COOKIE_NAME) + .and() + .formLogin() + .loginPage("/login") + .permitAll() + .defaultSuccessUrl("/") + .loginProcessingUrl("/login") + .usernameParameter("username") + .passwordParameter("password") + .failureUrl("/login?error=1") + .and() + .rememberMe() + .rememberMeCookieDomain(webDomain).key(rememberMeKey) + .rememberMeServices(rememberMeServices()) + .and() + .csrf().disable() + .authenticationProvider(authenticationProvider()) + .headers().defaultsDisabled().cacheControl(); + } + + @Bean + public DaoAuthenticationProvider authenticationProvider() throws Exception { + DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider(); + + authenticationProvider.setUserDetailsService(userDetailsService()); + + return authenticationProvider; + } + + @Bean + public HashParamAuthenticationFilter hashParamAuthenticationFilter() throws Exception { + return new HashParamAuthenticationFilter(userService, rememberMeServices()); + } + + @Bean + public RememberMeServices rememberMeServices() throws Exception { + TokenBasedRememberMeServices services = new TokenBasedRememberMeServices( + rememberMeKey, userDetailsService()); + + services.setCookieName(COOKIE_NAME); + services.setCookieDomain(webDomain); + services.setAlwaysRemember(true); + services.setTokenValiditySeconds(6 * 30 * 24 * 3600); + services.setUseSecureCookie(false); // TODO set true if https is supports + + return services; + } + + @Override + public void configure(WebSecurity web) throws Exception { + web.debug(false); + web.ignoring().antMatchers("/style.css*", "/scripts.js*"); + } +} |