cz.sohlich.workstack.SecurityConfig.java Source code

Java tutorial

  1. HOME
  2. Java
  3. cz.sohlich.workstack.SecurityConfig.java

Introduction

Here is the source code for cz.sohlich.workstack.SecurityConfig.java

Source

/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
package cz.sohlich.workstack;

import cz.sohlich.workstack.security.MongoUserDetailService;
import cz.sohlich.workstack.security.StatelessAuthenticationFilter;
import cz.sohlich.workstack.security.StatelessLoginFilter;
import cz.sohlich.workstack.security.TokenAuthenticationService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 *
 * @author radek
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    MongoUserDetailService userDetailService;
    @Autowired
    AuthenticationManager authenticationManager;
    @Autowired
    TokenAuthenticationService tokenAuthenticationService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailService).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().exceptionHandling().and().anonymous().and().servletApi().and().headers()
                .cacheControl().and().authorizeRequests().antMatchers("/api/task/**").authenticated()
                .antMatchers(HttpMethod.POST, "/security/login").permitAll().and()
                .addFilterBefore(new StatelessLoginFilter("/security/login", tokenAuthenticationService,
                        userDetailService, authenticationManager), UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService),
                        UsernamePasswordAuthenticationFilter.class);
        //                .exceptionHandling().authenticationEntryPoint(entryPoint);
        //                .formLogin();//.loginPage("/security/login");
    }

}