From 9f770c26d1e4f392d591bf35886e3dcc7371d64f Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 29 Mar 2017 14:11:46 +0300
Subject: juick-www: Spring Security
---
 .../juick/www/configuration/WebSecurityConfig.java | 63 ++++++++++++++++++++++
 .../juick/www/configuration/WwwInitializer.java | 3 +-
 .../www/configuration/WwwSecurityInitializer.java | 20 +++++++
 3 files changed, 85 insertions(+), 1 deletion(-)
 create mode 100644 juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
 create mode 100644 juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
(limited to 'juick-www/src/main/java/com/juick/www/configuration')
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
new file mode 100644
index 00000000..9d603da8
--- /dev/null
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -0,0 +1,63 @@
+package com.juick.www.configuration;
+
+import com.juick.server.security.entities.JuickUser;
+import com.juick.service.UserService;
+import com.juick.service.security.JuickUserDetailsService;
+import org.springframework.context.annotation.Bean;
+import org.springframework.core.env.Environment;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+
+import javax.annotation.Resource;
+
+/**
+ * Created by aalexeev on 11/21/16.
+ */
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+ @Resource
+ private Environment env;
+ @Resource
+ private UserService userService;
+
+ @Bean("userDetailsService")
+ @Override
+ public UserDetailsService userDetailsServiceBean() throws Exception {
+ return new JuickUserDetailsService(userService);
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .authorizeRequests()
+ .antMatchers("/settings", "/pm/**").authenticated()
+ .anyRequest().permitAll()
+ .and()
+ .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
+ .and()
+ .sessionManagement().invalidSessionUrl("/")
+ .and()
+ .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
+ .and()
+ .formLogin()
+ .loginPage("/login")
+ .permitAll()
+ .defaultSuccessUrl("/")
+ .loginProcessingUrl("/login")
+ .usernameParameter("username")
+ .passwordParameter("password")
+ .failureUrl("/login-error")
+ .and()
+ .rememberMe()
+ .tokenValiditySeconds(6 * 30 * 24 * 3600)
+ .alwaysRemember(true)
+ //.useSecureCookie(true) // TODO Enable if https is supports
+ .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com"))
+ .userDetailsService(userDetailsServiceBean())
+ .key(env.getProperty("auth_remember_me_key"))
+ .and()
+ .csrf().disable();
+ }
+}
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java b/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java
index 204d8c6c..138c7121 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java
@@ -21,7 +21,8 @@ public class WwwInitializer extends AbstractAnnotationConfigDispatcherServletIni
 WwwAppConfiguration.class,
 DataConfiguration.class,
 SearchConfiguration.class,
- SapeConfiguration.class
+ SapeConfiguration.class,
+ WebSecurityConfig.class
 };
 }
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java b/juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
new file mode 100644
index 00000000..0ea8c907
--- /dev/null
+++ b/juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
@@ -0,0 +1,20 @@
+package com.juick.www.configuration;
+
+/**
+ * Created by vitalyster on 25.11.2016.
+ */
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+
+import javax.servlet.ServletContext;
+
+public class WwwSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
+ private final Logger logger = LoggerFactory.getLogger(getClass());
+
+ @Override
+ protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
+ logger.info("SpringSecurityFilterChain initialized");
+ }
+}
-- cgit v1.2.3
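Review bot: In WebSecurityConfig.java, `.csrf().disable()` at the end of `configure()` leaves every state-changing request guarded only by the session or remember-me cookie, and the same method makes that cookie long-lived through `alwaysRemember(true)` and `tokenValiditySeconds(6 * 30 * 24 * 3600)`. I would drop the trailing `.and()` / `.csrf().disable()` pair so the default token check stays on and add the token to the forms; if particular endpoints must be exempt, `.csrf().ignoringAntMatchers(...)` narrows the exemption instead of removing the check everywhere. The remember-me cookie is also issued without the Secure flag (`useSecureCookie(true)` is commented out) and is scoped to the whole `web_domain`, so it is sent over plain HTTP and to every subdomain; that TODO should be tied to the HTTPS rollout rather than left open. Finally, `env.getProperty("auth_remember_me_key")` has no default, so `env.getRequiredProperty("auth_remember_me_key")` would make a missing signing key fail at startup instead of being silently substituted.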
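Review bot: In WwwSecurityInitializer.java the log line in `afterSpringSecurityFilterChain` says "initialized", but this hook runs when the filter has been added to the servlet context, not when the security configuration has loaded, so the message should not be read in startup logs as proof that the rules are active; `logger.info("springSecurityFilterChain registered");` would be more accurate. The only comment is the `Created by` block, which sits above the imports rather than on the class; a class-level Javadoc such as `/** Registers the springSecurityFilterChain filter for the www application; the rules live in WebSecurityConfig. */` would say why this otherwise empty subclass exists. As a style point, the logger can be `private static final Logger logger = LoggerFactory.getLogger(WwwSecurityInitializer.class);`.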