/*
 * Copyright 2014 nateriver.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package be.bittich.quote.config;

import be.bittich.quote.security.AuthenticationTokenProcessingFilter;
import be.bittich.quote.security.CustomAccessDeniedHandler;
import be.bittich.quote.security.UnauthorizedEntryPoint;
import be.bittich.quote.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;

/**
 * Spring Security configuration for the quote REST API.
 *
 * <p>Wires the user store and password encoder into the authentication
 * manager, then declares the HTTP filter chain: a CORS filter, a token
 * processing filter, HTTP Basic, stateless session handling and the
 * per-path authorization rules.
 *
 * @author nateriver
 */
@Configuration
@EnableWebSecurity
@ComponentScan("be.bittich.quote.security")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Supplies user records to the authentication manager (see configure(AuthenticationManagerBuilder)).
    @Autowired
    private UserService userService;

    // Entry point handed to the HTTP Basic configuration below.
    @Autowired
    private UnauthorizedEntryPoint unauthorizedEntryPoint;

    // Invoked when an authenticated caller is refused by an authorization rule.
    @Autowired
    private CustomAccessDeniedHandler customAccessDeniedHandler;

    // Registered in the chain ahead of LogoutFilter; its token handling lives in
    // be.bittich.quote.security and is not visible from this class.
    @Autowired
    private AuthenticationTokenProcessingFilter authenticationProcessFilter;

    // Encoder used to verify stored password hashes. The concrete algorithm is
    // chosen wherever this bean is defined -- NOTE(review): confirm it is an
    // adaptive password hash (e.g. bcrypt) rather than a plain digest.
    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Registers {@code userService} as the user details source and attaches the
     * injected {@code passwordEncoder} so credentials are checked against
     * encoded values.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(userService)
                .passwordEncoder(passwordEncoder);
    }

    /**
     * Declares the HTTP security filter chain and the URL authorization rules.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if any configurer rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CORS handling runs before ChannelProcessingFilter. An earlier revision
        // registered it before AbstractPreAuthenticatedProcessingFilter instead.
        // The allowed origins/headers are decided inside SimpleCORSFilter, which is
        // not shown here -- review it together with this chain.
        http.addFilterBefore(new SimpleCORSFilter(), ChannelProcessingFilter.class);

        // Token processing happens ahead of LogoutFilter.
        http.addFilterBefore(authenticationProcessFilter, LogoutFilter.class);

        // CSRF protection is switched off. With STATELESS sessions (below) there is
        // no session cookie to ride on, but HTTP Basic is also enabled and browsers
        // replay cached Basic credentials automatically.
        // NOTE(review): confirm browser clients authenticate only via the token
        // filter, or that UnauthorizedEntryPoint never triggers a Basic prompt.
        http.csrf().disable();

        // NOTE(review): authenticationEntryPoint() is followed by realmName();
        // verify against the Spring Security version in use that realmName() does
        // not replace the custom entry point set on the previous call.
        http.httpBasic()
                .authenticationEntryPoint(unauthorizedEntryPoint)
                .realmName("Protected API");

        http.exceptionHandling().accessDeniedHandler(customAccessDeniedHandler);

        // No HttpSession is created or consulted for the security context.
        http.sessionManagement().sessionCreationPolicy(STATELESS);

        // Rules are evaluated in declaration order and the first match wins.
        // None of the matchers names an HTTP method, so each rule applies to every
        // method (GET, POST, DELETE, ...) on the matched path.
        http.authorizeRequests()
                // Authentication: login is reserved for callers that are NOT yet
                // authenticated; an already authenticated caller is refused.
                .antMatchers("/auth/login").anonymous()
                .antMatchers("/auth/current").authenticated()
                // Quote: read endpoints are public, creation needs ADMIN or USER.
                .antMatchers("/quote/random", "/quote/list", "/quote/get/**", "/quote/count").permitAll()
                .antMatchers("/quote/create").hasAnyRole("ADMIN", "USER")
                // Author: read endpoints are public, creation needs ADMIN or USER.
                .antMatchers("/author/autocomplete", "/author/list", "/author/get/**").permitAll()
                .antMatchers("/author/create").hasAnyRole("ADMIN", "USER")
                // Everything not listed above requires an authenticated caller.
                .anyRequest().authenticated();
    }

    /**
     * Publishes the adapter's authentication manager as a bean named
     * {@code authenticationManager} so other components can inject it.
     *
     * @return the authentication manager built by the parent adapter
     * @throws Exception if the parent cannot build the manager
     */
    @Override
    @Bean(name = "authenticationManager")
    public AuthenticationManager authenticationManagerBean() throws Exception {
        AuthenticationManager exposedManager = super.authenticationManagerBean();
        return exposedManager;
    }
}