/*
 * Copyright (c) 2017 sainth (sainth@sainth.de)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
package de.sainth.recipe.backend.security;

import de.sainth.recipe.backend.db.repositories.UserRepository;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.ExceptionTranslationFilter;

/**
 * Spring Security configuration for the recipe backend.
 *
 * <p>The adapter is built with {@code super(true)}, which switches Spring Security's default
 * configuration off. Only what {@link #configure(HttpSecurity)} sets up explicitly is active:
 * exception handling, an "authenticated" rule for every request, and the project's
 * {@code AuthFilter}. Method-level {@code @Secured} checks are enabled through
 * {@code @EnableGlobalMethodSecurity(securedEnabled = true)}.
 *
 * <p>NOTE(review): with the defaults off, this class configures no CSRF protection, no response
 * security headers and no session management. That is a sound choice only if {@code AuthFilter}
 * takes its credential from a request header and never from a cookie; confirm against
 * {@code AuthFilter}, which is not visible here.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityTokenAdapter extends WebSecurityConfigurerAdapter {

  // Declared but not used anywhere in this class.
  private static final Logger logger = Logger.getLogger(SecurityTokenAdapter.class);

  // Registered with the AuthenticationManagerBuilder in configure(AuthenticationManagerBuilder).
  @Autowired
  private UserAuthenticationProvider authenticationProvider;

  // Handed to AuthFilter together with the properties below.
  @Autowired
  private UserRepository userRepository;

  // NOTE(review): package-private, unlike the two injected fields above. Whether another class
  // in this package reads it cannot be told from this file.
  @Autowired
  RecipeManagerProperties properties;

  /** Creates the adapter with Spring Security's default configuration disabled. */
  public SecurityTokenAdapter() {
    super(true);
  }

  /**
   * Builds the HTTP security chain: both rejection handlers are installed, every request must be
   * authenticated, and a new {@code AuthFilter} is placed after the
   * {@link ExceptionTranslationFilter}.
   *
   * @param http the builder supplied by Spring Security
   * @throws Exception if the builder rejects the configuration
   */
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    final AuthenticationEntryPoint entryPoint = getAuthenticationEntryPoint();
    final AccessDeniedHandler deniedHandler = getAccessDeniedHandler();

    http.exceptionHandling()
        .authenticationEntryPoint(entryPoint)
        .accessDeniedHandler(deniedHandler);

    // No path is exempt: any request without an authenticated principal is rejected.
    http.authorizeRequests().anyRequest().authenticated();

    // The filter sits behind ExceptionTranslationFilter in the chain.
    // NOTE(review): presumably so that security exceptions raised while the token is checked
    // reach the handlers installed above; confirm against AuthFilter.
    http.addFilterAfter(
        new AuthFilter(properties, userRepository), ExceptionTranslationFilter.class);
  }

  /**
   * Returns the entry point invoked for authentication failures. It answers with
   * 403 Forbidden and uses the exception's message as the error message.
   *
   * <p>NOTE(review): 401 Unauthorized is the conventional status for a missing or invalid
   * credential; with 403 here and in the access-denied handler a client cannot tell "not logged
   * in" from "not permitted". Check what the client expects before changing it.
   *
   * <p>NOTE(review): the exception text is sent to the caller. If the provider or the filter
   * raises exceptions whose messages differ by failure cause (for example unknown user versus
   * wrong password), that difference is disclosed. A fixed response message, with the detail
   * written to the server log, avoids this.
   */
  private AuthenticationEntryPoint getAuthenticationEntryPoint() {
    return (req, res, failure) -> {
      final int status = HttpStatus.FORBIDDEN.value();
      res.sendError(status, failure.getMessage());
    };
  }

  /**
   * Returns the handler invoked when access is denied. It answers with 403 Forbidden and uses
   * the exception's message as the error message.
   *
   * <p>NOTE(review): as with the entry point, the exception text goes to the caller unchanged;
   * confirm that it never carries internal detail.
   */
  private AccessDeniedHandler getAccessDeniedHandler() {
    return (req, res, denial) -> {
      final int status = HttpStatus.FORBIDDEN.value();
      res.sendError(status, denial.getMessage());
    };
  }

  /**
   * Left empty on purpose: no request path is excluded from the filter chain.
   *
   * <p>The two statements below were left commented out by the author. Paths matched by
   * {@code web.ignoring()} are not processed by the Spring Security filters at all, so
   * re-enabling the second line would make {@code /login} skip {@code AuthFilter} and the
   * authorization rule as well. {@code web.debug(true)} is a development aid and should stay off
   * in production.
   *
   * @param web the builder supplied by Spring Security
   * @throws Exception declared by the overridden method; nothing is thrown here
   */
  @Override
  public void configure(WebSecurity web) throws Exception {
    // web.debug(true);
    // web.ignoring().antMatchers("/login");
  }

  /**
   * Registers the injected {@code UserAuthenticationProvider} with the authentication manager.
   *
   * @param auth the builder supplied by Spring Security
   * @throws Exception if the builder rejects the provider
   */
  @Override
  public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(this.authenticationProvider);
  }
}