Java tutorial
/* * The MIT License * * Copyright 2015 J. David Mendoza. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. */ package org.davidmendoza.esu.config; import java.util.ArrayList; import java.util.List; import javax.sql.DataSource; import org.davidmendoza.esu.utils.LoginHandler; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.access.hierarchicalroles.RoleHierarchy; import org.springframework.security.access.hierarchicalroles.RoleHierarchyAuthoritiesMapper; import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl; import org.springframework.security.access.vote.AffirmativeBased; import org.springframework.security.access.vote.RoleHierarchyVoter; import org.springframework.security.access.vote.RoleVoter; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler; import org.springframework.security.web.access.expression.WebExpressionVoter; /** * * @author J. David Mendoza <jdmendoza@swau.edu> */ @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private DataSource dataSource; @Autowired private LoginHandler loginHandler; @Autowired private UserDetailsService userDetailsService; @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN").anyRequest().permitAll().and() .formLogin().loginPage("/login").loginProcessingUrl("/login/authenticate") .failureUrl("/login?error=bad_credentials").successHandler(loginHandler).permitAll().and().logout() .logoutUrl("/logout").logoutSuccessUrl("/").invalidateHttpSession(true); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(daoAuthenticationProvider()).jdbcAuthentication().dataSource(dataSource) .usersByUsernameQuery( "select username, password, enabled, account_expired, account_locked, password_expired, nombre, apellido from usuarios where username = ?") .authoritiesByUsernameQuery( "select u.username, r.authority from usuarios_roles ur inner join usuarios u on ur.usuario_id = u.id inner join roles r on ur.rol_id = r.id where u.username = ?"); } @Bean public PasswordEncoder passwordEncoder() { PasswordEncoder encoder = new BCryptPasswordEncoder(); return encoder; } @Bean public RoleHierarchy roleHierarchy() { RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl(); roleHierarchy.setHierarchy( " ROLE_ADMIN > ROLE_EDITOR " + "ROLE_EDITOR > ROLE_AUTOR " + "ROLE_AUTOR > ROLE_USER"); return roleHierarchy; } @Bean public RoleVoter roleVoter() { return new RoleHierarchyVoter(roleHierarchy()); } @Bean public DaoAuthenticationProvider daoAuthenticationProvider() { DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider(); authenticationProvider.setUserDetailsService(userDetailsService); authenticationProvider.setPasswordEncoder(passwordEncoder()); authenticationProvider.setAuthoritiesMapper(new RoleHierarchyAuthoritiesMapper(roleHierarchy())); return authenticationProvider; } @Bean @SuppressWarnings("unchecked") public AccessDecisionManager defaultAccessDecisionManager() { DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler(); defaultWebSecurityExpressionHandler.setRoleHierarchy(roleHierarchy()); WebExpressionVoter webExpressionVoter = new WebExpressionVoter(); webExpressionVoter.setExpressionHandler(defaultWebSecurityExpressionHandler); List voters = new ArrayList<>(); voters.add(webExpressionVoter); AccessDecisionManager result = new AffirmativeBased(voters); return result; } }