org.moserp.common.security.SecurityConfiguration.java Source code


Introduction

Here is the source code for org.moserp.common.security.SecurityConfiguration.java

Source

/*******************************************************************************
 * Copyright 2013 Thomas Letsch (contact@thomas-letsch.de)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 ******************************************************************************/

package org.moserp.common.security;

import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * OAuth2 resource-server security configuration for this service.
 *
 * <p>The configuration is registered for every Spring profile except
 * {@code test}. When the {@code test} profile is active this class contributes
 * no security rules; what protects the endpoints in that case is not visible
 * in this file and should be confirmed separately.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 * <li>Every request must be authenticated, but no OAuth2 scope is checked,
 * because the per-method scope rules in {@link #configure(HttpSecurity)} are
 * disabled. Any valid token is therefore accepted for reads and writes
 * alike.</li>
 * <li>No resource id is set, because that override is disabled as well. The
 * framework default then applies ({@code oauth2-resource} in Spring Security
 * OAuth2; confirm for the version in use), so this service is not
 * distinguished from other resource servers that also keep the default.</li>
 * </ul>
 */
@Configuration
@Profile({ "!test" })
@EnableResourceServer
public class SecurityConfiguration extends ResourceServerConfigurerAdapter {

    /**
     * Restricts all endpoints to requests that are already authenticated.
     *
     * @param http the HTTP security builder supplied by the framework
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // This configuration applies to every request path.
        http.requestMatchers().antMatchers("/**");

        // Authentication is the only requirement. The rule covers all HTTP
        // methods, OPTIONS included, so a CORS preflight sent without
        // credentials is rejected unless something earlier in the filter
        // chain answers it (not visible here).
        http.authorizeRequests().anyRequest().authenticated();

        // Disabled scope-based authorization, kept for reference. Enabling it
        // would require the 'read' scope for GET/OPTIONS and the 'write' scope
        // for POST/PUT/PATCH/DELETE instead of accepting any authenticated token.
        //                .antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
        //                .antMatchers(HttpMethod.OPTIONS, "/**").access("#oauth2.hasScope('read')")
        //                .antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
        //                .antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
        //                .antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
        //                .antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')");
    }

    /*
     * Disabled override: resource id of this resource server.
     *
     * The resource id names the resource a client is allowed to access. With
     * two APIs you can run two resource servers, each with its own id:
     *
     *   1. Client 1 is configured for access to "api1", so it can reach a
     *      resource server only if that server sets its resource id to "api1".
     *   2. Client 1 cannot reach resource server 2, because that server sets
     *      its resource id to "api2".
     *
     * While the override below stays commented out, no explicit resource id
     * is configured by this class.
     */
    //    @Override
    //    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
    //        resources.resourceId("apis");
    //    }
}