com.sothawo.taboo2.SecurityConfig.java Source code

Java tutorial

  1. HOME
  2. Java
  3. com.sothawo.taboo2.SecurityConfig.java

Introduction

Here is the source code for com.sothawo.taboo2.SecurityConfig.java

Source

/*
 Copyright 2015 Peter-Josef Meisch (pj.meisch@sothawo.com)
    
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
    
   http://www.apache.org/licenses/LICENSE-2.0
    
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
*/
package com.sothawo.taboo2;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**
 * Security configuration.
 *
 * @author P.J. Meisch (pj.meisch@sothawo.com).
 */
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // ------------------------------ FIELDS ------------------------------

    /** Logger for the class */
    private final static Logger log = LoggerFactory.getLogger(SecurityConfig.class);

    /** the configuration object */
    @Autowired
    SecurityProperties securityProperties;

    /** the service to provide the user data */
    @Autowired
    Taboo2UserService userService;

    // -------------------------- OTHER METHODS --------------------------

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        boolean requireSsl = securityProperties.isRequireSsl();
        boolean basicEnabled = securityProperties.getBasic().isEnabled();
        log.debug("configuring http, requires ssl: {}, basic authentication: {}", requireSsl, basicEnabled);
        if (requireSsl) {
            http.requiresChannel().anyRequest().requiresSecure();
        }
        if (basicEnabled) {
            // authentication for the taboo2 service only, the app itself doesn't need use it to display it's own login
            // form.
            http.authorizeRequests().antMatchers("/taboo2/**").authenticated().anyRequest().permitAll();
        }
        http.httpBasic().realmName("taboo2");
        http.csrf().disable();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
    }
}