blankd.acme.pet.licensing.config.security.WebSecurityConfig.java Source code

Java tutorial

Introduction

Here is the source code for blankd.acme.pet.licensing.config.security.WebSecurityConfig.java

Source

package blankd.acme.pet.licensing.config.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

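/**
 * Spring Security configuration for the {@code blankd.acme.pet.licensing} application.
 *
 * <p>Requests are authenticated with HTTP Basic and the session policy is
 * {@link SessionCreationPolicy#STATELESS}. URL rules are evaluated in declaration order and the
 * first matching rule wins, so narrower patterns must be declared before broader ones that
 * overlap them.
 *
 * <p>NOTE(review): {@code antMatchers} compares only the literal Ant pattern. If the MVC layer
 * also maps trailing-slash or suffix variants of a handler (for example {@code /pet/new/}),
 * those variants are not covered by the restricted rule and fall through to a broader one such
 * as {@code /pet/**} (permitAll). Confirm the handler mappings, or use {@code mvcMatchers} if
 * the Spring Security version in use provides it.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    /** Realm name configured for HTTP Basic authentication. */
    public static final String REALM = "MY_REALM";

    /**
     * Declares the per-URL authorization rules, HTTP Basic authentication and the stateless
     * session policy.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // With CSRF protection enabled, Spring Security rejects state-changing methods
                // (POST, PUT, DELETE, PATCH) that carry no CSRF token; it is switched off here.
                // NOTE(review): browsers resend cached HTTP Basic credentials automatically,
                // so this is only safe if the API is not used from a browser that holds them.
                .csrf().disable()
                .authorizeRequests()
                // Licenses
                .antMatchers("/license/find/*").permitAll()
                .antMatchers("/license/").permitAll()
                .antMatchers("/license/new").hasAuthority("ADMIN")
                // Declared before "/license/assign/*": both patterns match the path
                // "/license/assign/force", and with the broader rule first that path was
                // open to CLERK although the force operation is meant to be ADMIN-only.
                .antMatchers("/license/assign/force/**").hasAuthority("ADMIN")
                .antMatchers("/license/assign/*").hasAnyAuthority("CLERK", "ADMIN")
                .antMatchers("/license/delete/**").hasAuthority("ADMIN")
                // Public account view; must stay ahead of "/account/**" below.
                .antMatchers("/account/view/*").permitAll()
                // Pets: restricted write paths first, then the public catch-all.
                .antMatchers("/pet/new").hasAnyAuthority("CLERK", "ADMIN")
                .antMatchers("/pet/*/update").hasAnyAuthority("CLERK", "ADMIN")
                .antMatchers("/pet/*/delete").hasAnyAuthority("CLERK", "ADMIN")
                .antMatchers("/pet/**").permitAll()
                // Accounts: open registration, everything else for staff.
                .antMatchers("/account/new").permitAll()
                .antMatchers("/account/**").hasAnyAuthority("CLERK", "ADMIN")
                // Anything not listed above requires a fully authenticated user.
                .anyRequest().fullyAuthenticated()
                .and()
                .httpBasic().realmName(REALM).authenticationEntryPoint(getMyEntryPoint())
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    /**
     * Exposes the entry point used by the HTTP Basic configuration as a bean.
     *
     * @return a new {@code MyBasicAuthenticationEntryPoint}
     */
    @Bean
    public MyBasicAuthenticationEntryPoint getMyEntryPoint() {
        return new MyBasicAuthenticationEntryPoint();
    }

    /**
     * Excludes every OPTIONS request from Spring Security.
     *
     * <p>Ignored requests bypass the security filter chain entirely, so none of the rules in
     * {@link #configure(HttpSecurity)} apply to them. NOTE(review): presumably this is for CORS
     * preflight requests; confirm, and consider {@code http.cors()} or a {@code permitAll()}
     * rule for OPTIONS so these requests stay inside the filter chain.
     *
     * @param w the web security builder supplied by Spring Security
     */
    @Override
    public void configure(WebSecurity w) {
        w.ignoring().antMatchers(HttpMethod.OPTIONS, "/**");
    }
}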