Java tutorial
/* * Copyright 2015 Kaiserpfalz EDV-Service, Roland T. Lichti * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package de.kaiserpfalzEdv.office.ui.web.configuration; import de.kaiserpfalzEdv.office.ui.web.security.KPOfficeAuthenticationProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; import javax.annotation.PostConstruct; import javax.annotation.PreDestroy; import javax.inject.Inject; /** * @author klenkes <rlichti@kaiserpfalz-edv.de> * @version 0.1.0 * @since 0.1.0 */ @Configuration @EnableWebMvcSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) @Order(1) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { private static final Logger LOG = LoggerFactory.getLogger(WebSecurityConfig.class); @Inject private ApplicationContext context; @Inject private KPOfficeAuthenticationProvider authenticationProvider; public WebSecurityConfig() { LOG.trace("Created: {}", this); } @PostConstruct public void init() { LOG.trace("Initialized: {}", this); LOG.trace(" application context: {}", context); LOG.trace(" authentication provider: {}", authenticationProvider); } @PreDestroy public void close() { LOG.trace("Destroyed: {}", this); } @Override protected void configure(HttpSecurity http) throws Exception { LOG.debug("Configuring HTTP Security: {}", http); // all requests are authenticated http.authorizeRequests().anyRequest().authenticated(); http.httpBasic(); // Vaadin chokes if this filter is enabled, disable it! http.csrf().disable(); // TODO plumb custom HTTP 403 and 404 pages /* http.exceptionHandling().accessDeniedPage("/access?error"); */ } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { LOG.debug("Adding authentication provider: {}", authenticationProvider); auth.authenticationProvider(authenticationProvider); } }