/**
|
|
*
|
|
*/
|
|
package de.bstly.board.security;
|
|
|
|
import java.util.Collections;
|
|
|
|
import javax.sql.DataSource;
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
import org.springframework.beans.factory.annotation.Value;
|
|
import org.springframework.context.annotation.Bean;
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.http.HttpStatus;
|
|
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
|
|
import org.springframework.security.web.SecurityFilterChain;
|
|
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
|
|
import org.springframework.security.web.authentication.RememberMeServices;
|
|
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
|
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
|
|
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
|
|
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
|
|
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
|
|
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
import org.springframework.web.cors.CorsConfiguration;
|
|
import org.springframework.web.cors.CorsConfigurationSource;
|
|
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
|
|
|
import com.google.common.collect.Lists;
|
|
|
|
import de.bstly.board.businesslogic.UserManager;
|
|
|
|
/**
 * Spring Security configuration for the board application: declares the servlet filter chain
 * and the beans it relies on (password encoder, persistent remember-me services, CORS source).
 */
|
|
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true)
@Configuration
public class SecurityConfig {

    /** Login page shared by form login and OIDC login; with form login this is also the POST processing URL by default. */
    private static final String LOGIN_PAGE = "/login";

    /** Logout endpoint; a successful logout answers with a bare HTTP status instead of a redirect. */
    private static final String LOGOUT_URL = "/logout";

    /** Request pattern whose unauthenticated callers get a 401 rather than a redirect to the login page. */
    private static final String API_PATTERN = "/api/**";

    /** Provides the user details behind remember-me logins. */
    @Autowired
    private UserManager localUserManager;

    /** Shared OIDC success handler; it is finished (target URL, remember-me) while the chain is built. */
    @Autowired
    private OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;

    /** Backing store of the persistent remember-me tokens. */
    @Autowired
    private DataSource dataSource;

    /**
     * URL that failed logins are redirected to (suffixed with {@code ?error} or {@code ?externalError}).
     * Only the failure redirects use it; the login page itself is fixed to {@link #LOGIN_PAGE}.
     * NOTE(review): presumably this may point at a front-end route — confirm before unifying the two.
     */
    @Value("${loginUrl:/login}")
    private String loginUrl;

    /** Default target after a successful form or OIDC login. */
    @Value("${loginTargetUrl:/}")
    private String loginTargetUrl;

    /**
     * Builds the single security filter chain.
     *
     * <p>No {@code authorizeHttpRequests} rules are declared here, so URL-level access is not
     * restricted by this chain; authorization rests on method security
     * ({@code @EnableMethodSecurity(prePostEnabled = true)}). Anonymous authentication is disabled,
     * so an unauthenticated caller of a protected method has no {@code Authentication} at all and
     * ends up at the entry point below.
     *
     * <p>NOTE(review): CSRF protection is disabled although authentication is cookie based (HTTP
     * session plus the persistent remember-me cookie). State-changing requests issued by a browser are
     * therefore not protected by a CSRF token; if the client can echo a token, re-enabling
     * {@code csrf} with {@code CookieCsrfTokenRepository.withHttpOnlyFalse()} is the usual pattern
     * for a single-page client.
     *
     * @param http the builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception propagated from {@link HttpSecurity#build()}
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // The success handler is a shared singleton; it is completed here rather than in its own bean.
        oAuth2AuthenticationSuccessHandler.setDefaultTargetUrl(loginTargetUrl);
        oAuth2AuthenticationSuccessHandler.setRememberMeServices(rememberMeServices());

        // csrf — see the class-level review note; deliberately left as in the original.
        http.csrf(csrf -> csrf.disable());

        // cors — corsConfigurationSource() below is NOT applied to this chain
        // (the original kept `.cors().configurationSource(corsConfigurationSource())` commented out).
        // Whether the bean is consumed elsewhere cannot be determined from this file.

        // anonymous — no anonymous Authentication is created for unauthenticated requests.
        http.anonymous(anonymous -> anonymous.disable());

        // form login
        http.formLogin(form -> form
                .loginPage(LOGIN_PAGE)
                .defaultSuccessUrl(loginTargetUrl)
                .failureHandler(redirectOnFailure(loginUrl + "?error")));

        // remember me — persistent (series/token) cookies backed by the JDBC repository.
        http.rememberMe(rememberMe -> rememberMe.rememberMeServices(rememberMeServices()));

        // logout — 200 OK on success, no redirect.
        http.logout(logout -> logout
                .logoutUrl(LOGOUT_URL)
                .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler(HttpStatus.OK)));

        // exception handling — API callers get 401; other paths presumably fall back to the
        // default entry point (redirect to the login page).
        http.exceptionHandling(handling -> handling
                .defaultAuthenticationEntryPointFor(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
                        new AntPathRequestMatcher(API_PATTERN)));

        // oidc
        http.oauth2Login(oidc -> oidc
                .successHandler(oAuth2AuthenticationSuccessHandler)
                .failureHandler(redirectOnFailure(loginUrl + "?externalError"))
                .loginPage(LOGIN_PAGE));

        return http.build();
    }

    /**
     * Creates a failure handler that redirects to {@code target}.
     *
     * @param target redirect URL, built from {@link #loginUrl} by the caller
     * @return a redirecting failure handler
     */
    private static SimpleUrlAuthenticationFailureHandler redirectOnFailure(String target) {
        return new SimpleUrlAuthenticationFailureHandler(target);
    }

    /**
     * Password encoder for stored credentials.
     *
     * @return an Argon2 encoder with the Spring Security 5.8 default parameters
     */
    @Bean(name = "passwordEncoder")
    public Argon2PasswordEncoder passwordEncoder() {
        return Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8();
    }

    /**
     * JDBC-backed store for persistent remember-me tokens.
     *
     * <p>The table is not created on startup by this bean; the schema is expected to exist already.
     *
     * @return the token repository bound to the injected data source
     */
    @Bean
    public PersistentTokenRepository persistentTokenRepository() {
        JdbcTokenRepositoryImpl repository = new JdbcTokenRepositoryImpl();
        repository.setDataSource(dataSource);
        return repository;
    }

    /**
     * Remember-me services used by both the remember-me filter and the OIDC success handler.
     *
     * <p>Under the default {@code @Configuration} proxying, repeated calls return the same singleton.
     * NOTE(review): the literal {@code "remember-me"} is passed as the first constructor argument;
     * presumably it is the remember-me key — confirm against {@code LocalRememberMeServices}.
     *
     * @return the project-specific persistent-token remember-me services
     */
    @Bean
    public RememberMeServices rememberMeServices() {
        return new LocalRememberMeServices("remember-me", localUserManager, persistentTokenRepository());
    }

    /**
     * CORS policy for every path.
     *
     * <p>NOTE(review): credentials are allowed together with wildcard methods and headers, so the
     * hard-coded origin allow-list is the only boundary; it includes a bare {@code "localhost"} entry
     * without a scheme. Moving the origins to configuration would keep deployment-specific hosts out
     * of the code. This bean is not applied to the filter chain above.
     *
     * @return a source that maps {@code /**} to the configuration
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration policy = new CorsConfiguration();
        policy.setAllowedOriginPatterns(Lists.newArrayList("localhost", "http://localhost",
                "http://localhost:4200", "https://board.bstly.lh8.de"));
        policy.setAllowedMethods(Collections.singletonList("*"));
        policy.setAllowCredentials(true);
        policy.setAllowedHeaders(Collections.singletonList("*"));

        UrlBasedCorsConfigurationSource registry = new UrlBasedCorsConfigurationSource();
        registry.registerCorsConfiguration("/**", policy);
        return registry;
    }
}
|