br.com.hyperclass.snackbar.config.SecurityConfiguration.java Source code


Introduction

Here is the source code for br.com.hyperclass.snackbar.config.SecurityConfiguration.java

Source

/*
 * snackbar 1.0 22 de out de 2016
 *
 * Copyright (c) 2016, hyperCLASS. All rights reserved. hyperCLASS
 * proprietary/confidential. Use is subject to license terms.
 */
package br.com.hyperclass.snackbar.config;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import authentication.AuthenticationListener;
import authentication.PreAuthenticatedUserFilter;
import authentication.jwt.JwtSignatureVerifier;
import authentication.jwt.JwtVerifier;

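/**
 * Spring Security configuration for the snackbar application.
 *
 * <p>Wires three authentication filters into the chain (a pre-authentication
 * filter backed by the JWT authentication manager, a username/password login
 * filter, and an anonymous filter), declares the URL authorization rules, and
 * exposes the supporting beans (password encoder, JWT verifiers,
 * authentication listeners).
 *
 * <p>NOTE(review): if this application runs on Spring Boot, every
 * {@code Filter} bean declared here is presumably also auto-registered with
 * the servlet container and would then run a second time outside the security
 * chain. Confirm, and disable the automatic registration if so.
 *
 * @author João Batista
 * @version 1.0 22 de out de 2016
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * bcrypt cost factor (log2 of the number of rounds). The previous value
     * of 5 made each guess roughly 32 times cheaper for an offline attacker
     * than at cost 10. Raise this further as hardware allows.
     */
    private static final int BCRYPT_STRENGTH = 10;

    // Authentication manager used by the pre-authentication (token) filter.
    @Autowired
    @Qualifier("jwtAuthenticationManager")
    private AuthenticationManager jwtAuthenticationManager;

    // Invoked by the login filter after a successful username/password login.
    @Autowired
    @Qualifier("defaultAuthenticationSuccessHandler")
    private AuthenticationSuccessHandler successHandler;

    // Invoked by the login filter after a failed username/password login.
    @Autowired
    private AuthenticationFailureHandler failureHandler;

    // Authentication manager used by the username/password login filter.
    @Autowired
    @Qualifier("providerManager")
    private AuthenticationManager providerManager;

    /**
     * Registers the custom filters and declares which roles may reach which
     * URL patterns.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(final HttpSecurity http) throws Exception {
        http.addFilter(preAuthenticationFilter());
        http.addFilter(loginFilter());
        http.addFilter(anonymousFilter());

        // NOTE(review): CSRF protection is disabled for every endpoint while
        // form login stays enabled below. That is only safe if state-changing
        // requests are never authenticated by a cookie the browser attaches
        // on its own. How the token is transported is not visible in this
        // class, so confirm before relying on it.
        http.csrf().disable();

        // NOTE(review): there is no catch-all rule, so any path outside these
        // four patterns has no authorization rule attached. Consider ending
        // the chain with a deny-by-default rule once the public paths
        // (login page, static resources) are listed explicitly.
        http.authorizeRequests()
                .antMatchers("/menu/**").hasRole("ADMIN")
                .antMatchers("/stock/**").hasRole("ADMIN")
                .antMatchers("/order/**").permitAll()
                .antMatchers("/cashier/**").authenticated()
                .and()
                .formLogin();
    }

    /**
     * Builds the authentication manager for username/password logins.
     *
     * @param provider the single provider the manager delegates to
     * @return a {@link ProviderManager} wrapping {@code provider}
     */
    @Bean
    public AuthenticationManager providerManager(
            @Qualifier("defaultAuthenticationProvider") final AuthenticationProvider provider) {
        return new ProviderManager(Arrays.asList(provider));
    }

    /**
     * Supplies the bcrypt password encoder.
     *
     * <p>bcrypt stores the cost inside each hash, so hashes created with the
     * earlier cost of 5 still verify. They stay weak until the password is
     * re-encoded, for example on the user's next successful login.
     *
     * @return a bcrypt encoder using {@link #BCRYPT_STRENGTH}
     */
    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder(BCRYPT_STRENGTH);
    }

    /**
     * Creates the pre-authentication filter and binds it to the JWT
     * authentication manager.
     *
     * <p>Per the original author's note: <code>PreAuthenticatedUserFilter</code>
     * extends <code>AbstractPreAuthenticatedProcessingFilter</code>, intercepts
     * every request and extracts the token it carries. Its {@code doFilter}
     * delegates resolution of the request to the existing filter. Handing it
     * the {@code jwtAuthenticationManager} bean lets that manager decide
     * whether the user was authenticated successfully.
     *
     * @return the configured pre-authentication filter
     */
    @Bean
    public Filter preAuthenticationFilter() {
        final PreAuthenticatedUserFilter filter = new PreAuthenticatedUserFilter();
        filter.setAuthenticationManager(jwtAuthenticationManager);
        return filter;
    }

    /**
     * Creates the filter that assigns an anonymous authentication.
     *
     * @return an {@link AnonymousAuthenticationFilter} keyed with
     *         {@code "anonymousUser"}
     */
    @Bean
    public Filter anonymousFilter() {
        return new AnonymousAuthenticationFilter("anonymousUser");
    }

    /**
     * Creates the username/password login filter with its manager and its
     * success and failure handlers.
     *
     * @return the configured login filter
     */
    @Bean
    public Filter loginFilter() {
        final UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
        filter.setAuthenticationManager(providerManager);
        filter.setAuthenticationSuccessHandler(successHandler);
        filter.setAuthenticationFailureHandler(failureHandler);
        return filter;
    }

    /**
     * Collects the authentication listeners into one list bean.
     *
     * @param responseHeaderListener the only listener currently registered
     * @return a mutable list containing {@code responseHeaderListener}
     */
    @Bean
    @Qualifier("authenticationListeners")
    public List<AuthenticationListener> authenticationListeners(
            @Qualifier("responseHeaderAuthenticationListener") final AuthenticationListener responseHeaderListener) {
        final List<AuthenticationListener> list = new ArrayList<>(1);
        list.add(responseHeaderListener);
        return list;
    }

    /**
     * Assembles the JWT verifiers into one list bean.
     *
     * @param issuerVerifier verifier for the issuer claim
     * @param notBeforeTimeVerifier verifier for the not-before claim
     * @param referenceDateVerifier verifier for the reference-date claim
     * @param jwtSignatureVerifier verifier for the token signature
     * @return a mutable list with the signature verifier first
     */
    @Bean
    public List<JwtVerifier> verifiersList(
            @Qualifier("issuerReferenceClaimsVerifier") final JwtVerifier issuerVerifier,
            @Qualifier("notBeforeTimeClaimsVerifier") final JwtVerifier notBeforeTimeVerifier,
            @Qualifier("referenceDateClaimsVerifier") final JwtVerifier referenceDateVerifier,
            @Qualifier("jwtSignatureVerifier") final JwtVerifier jwtSignatureVerifier) {
        final List<JwtVerifier> verifiersList = new ArrayList<>(4);
        // The signature verifier is placed first. Presumably the consumer
        // walks the list in order, so no claim is evaluated on a token whose
        // signature has not been checked. Verify against the caller and keep
        // this ordering.
        verifiersList.add(jwtSignatureVerifier);
        verifiersList.add(issuerVerifier);
        verifiersList.add(notBeforeTimeVerifier);
        verifiersList.add(referenceDateVerifier);
        return verifiersList;
    }

    /**
     * Creates the JWT signature verifier from the configured secret.
     *
     * <p>NOTE(review): the secret is read from the {@code jwt.secret}
     * property. Keep its value out of version control and make it long and
     * random. How {@code JwtSignatureVerifier} uses it is not visible here.
     *
     * @param secret value of the {@code jwt.secret} property
     * @return the signature verifier
     */
    @Bean
    public JwtVerifier jwtSignatureVerifier(@Value("${jwt.secret}") final String secret) {
        return new JwtSignatureVerifier(secret);
    }

    /**
     * Switches {@link SecurityContextHolder} to the inheritable thread-local
     * strategy by invoking {@code setStrategyName} when the bean initializes.
     *
     * <p>NOTE(review): with this strategy a thread inherits the security
     * context of the thread that created it. A pooled worker thread can
     * therefore keep the identity of whichever request first spawned it.
     * If the application submits work to thread pools, confirm that the
     * context is propagated and cleared explicitly.
     *
     * @return the factory bean performing the static call
     */
    @Bean
    public MethodInvokingFactoryBean methodInvokingFactoryBean() {
        final MethodInvokingFactoryBean methodInvokingFactoryBean = new MethodInvokingFactoryBean();
        methodInvokingFactoryBean.setTargetClass(SecurityContextHolder.class);
        methodInvokingFactoryBean.setTargetMethod("setStrategyName");
        methodInvokingFactoryBean.setArguments(new Object[] { SecurityContextHolder.MODE_INHERITABLETHREADLOCAL });
        return methodInvokingFactoryBean;
    }

}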