Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.nifi.minifi.c2.security; import org.apache.nifi.minifi.c2.security.authentication.C2AnonymousAuthenticationFilter; import org.apache.nifi.minifi.c2.security.authentication.X509AuthenticationFilter; import org.apache.nifi.minifi.c2.security.authentication.X509AuthenticationProvider; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.ImportResource; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.authentication.AnonymousAuthenticationFilter; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) @ImportResource({ "classpath:minifi-c2-web-security-context.xml" }) public class SecurityConfiguration extends WebSecurityConfigurerAdapter { private AuthenticationProvider authenticationProvider; private X509AuthenticationFilter x509AuthenticationFilter; private C2AnonymousAuthenticationFilter c2AnonymousAuthenticationFilter; public SecurityConfiguration() { super(true); } @Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { // override xxxBean method so the authentication manager is available in app context (necessary for the method level security) return super.authenticationManagerBean(); } @Override public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/access", "/access/config", "/access/token", "/access/kerberos"); } @Override protected void configure(HttpSecurity http) throws Exception { http.rememberMe().disable().authorizeRequests().anyRequest().fullyAuthenticated().and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.addFilterBefore(x509AuthenticationFilter, AnonymousAuthenticationFilter.class); http.anonymous().authenticationFilter(c2AnonymousAuthenticationFilter); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(authenticationProvider); } @Autowired public void setX509AuthenticationProvider(X509AuthenticationProvider x509AuthenticationProvider) { this.authenticationProvider = x509AuthenticationProvider; } @Autowired public void setX509AuthenticationFilter(X509AuthenticationFilter x509AuthenticationFilter) { this.x509AuthenticationFilter = x509AuthenticationFilter; } @Autowired public void setC2AnonymousAuthenticationFilter( C2AnonymousAuthenticationFilter c2AnonymousAuthenticationFilter) { this.c2AnonymousAuthenticationFilter = c2AnonymousAuthenticationFilter; } }