Kinmarui

spring security context

Apr 9th, 2015
  1. import java.util.HashSet;
  2. import java.util.Set;
  3.  
  4. import javax.inject.Inject;
  5.  
  6. import org.jasig.cas.client.session.SingleSignOutFilter;
  7. import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
  8. import org.jasig.cas.client.validation.Saml11TicketValidator;
  9. import org.springframework.boot.autoconfigure.security.SecurityProperties;
  10. import org.springframework.context.annotation.Bean;
  11. import org.springframework.context.annotation.Configuration;
  12. import org.springframework.context.annotation.Profile;
  13. import org.springframework.core.annotation.Order;
  14. import org.springframework.core.env.Environment;
  15. import org.springframework.security.cas.ServiceProperties;
  16. import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
  17. import org.springframework.security.cas.authentication.CasAuthenticationProvider;
  18. import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
  19. import org.springframework.security.cas.web.CasAuthenticationFilter;
  20. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  21. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  22. import org.springframework.security.config.annotation.web.builders.WebSecurity;
  23. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  24. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  25. import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
  26. import org.springframework.security.web.authentication.logout.LogoutFilter;
  27. import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
  28. import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
  29. import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
  30. import org.springframework.security.web.csrf.CsrfFilter;
  31. import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
  32.  
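/**
 * Spring Security configuration that delegates authentication to a CAS server.
 *
 * <p>Only active under the {@code prod} or {@code casLogin} profiles. Every CAS and application URL
 * is read from the {@link Environment}; the property keys are the constants declared below.
 */
@Profile({ "prod", "casLogin" })
@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Property keys resolved against the Spring Environment.
    private static final String CAS_URL_LOGIN = "cas.service.login";
    private static final String CAS_URL_LOGOUT = "cas.service.logout";
    private static final String CAS_URL_PREFIX = "cas.url.prefix";
    private static final String CAS_SERVICE_URL = "app.service.security";
    private static final String APP_SERVICE_HOME = "app.service.home";
    private static final String APP_ADMIN_USER_NAME = "app.admin.userName";

    @Inject
    private Environment env;

    /**
     * Builds the set of user names handed to {@link CustomUserDetailsService}.
     *
     * <p>NOTE(review): the literal name {@code "admin"} is always part of the set, independent of
     * configuration. CustomUserDetailsService is not visible here; if it grants elevated rights to
     * these names, whichever CAS principal is called "admin" receives them. Confirm the CAS server
     * reserves that name, or drive the list from configuration only.
     *
     * @return a mutable set containing "admin" plus the optional {@code app.admin.userName} value
     */
    @Bean
    public Set<String> adminList() {
        Set<String> admins = new HashSet<String>();
        admins.add("admin");

        // Optional property: absent or empty means no additional name is added.
        String configuredAdmin = env.getProperty(APP_ADMIN_USER_NAME);
        if (configuredAdmin != null && !configuredAdmin.isEmpty()) {
            admins.add(configuredAdmin);
        }
        return admins;
    }

    /**
     * Describes this application to CAS: the service URL tickets are issued for.
     *
     * @return service properties with {@code renew} switched off
     * @throws IllegalStateException if {@code app.service.security} is not configured
     */
    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties properties = new ServiceProperties();
        properties.setService(env.getRequiredProperty(CAS_SERVICE_URL));
        // renew=false: an existing CAS single-sign-on session is accepted without re-entering credentials.
        properties.setSendRenew(false);
        return properties;
    }

    /**
     * Assembles the provider that validates CAS service tickets and loads the user.
     *
     * <p>NOTE(review): the provider key is a literal committed to source. Spring Security uses it to
     * recognise tokens created by this provider; consider supplying it from configuration so that
     * deployments do not all share the same published value.
     *
     * @return the provider wired with the CAS 2.0 ticket validator
     */
    @Bean
    public CasAuthenticationProvider casAuthenticationProvider() {
        CasAuthenticationProvider provider = new CasAuthenticationProvider();
        provider.setAuthenticationUserDetailsService(customUserDetailsService());
        provider.setServiceProperties(serviceProperties());
        provider.setTicketValidator(cas20ServiceTicketValidator());
        provider.setKey("an_id_for_this_auth_provider_only");
        return provider;
    }

    /**
     * Creates the user-details service used after a CAS assertion has been validated.
     *
     * @return a {@link CustomUserDetailsService} constructed with {@link #adminList()}
     */
    @Bean
    public AuthenticationUserDetailsService<CasAssertionAuthenticationToken> customUserDetailsService() {
        return new CustomUserDetailsService(adminList());
    }

    /**
     * Session strategy applied by the CAS authentication filter on successful login.
     *
     * @return a session-fixation protection strategy with its default settings
     */
    @Bean
    public SessionAuthenticationStrategy sessionStrategy() {
        return new SessionFixationProtectionStrategy();
    }

    /**
     * SAML 1.1 ticket validator pointed at the CAS server prefix.
     *
     * <p>Not referenced by any other bean in this class; {@link #casAuthenticationProvider()} uses the
     * CAS 2.0 validator.
     *
     * @throws IllegalStateException if {@code cas.url.prefix} is not configured
     */
    @Bean
    public Saml11TicketValidator casSamlServiceTicketValidator() {
        return new Saml11TicketValidator(env.getRequiredProperty(CAS_URL_PREFIX));
    }

    /**
     * CAS 2.0 ticket validator pointed at the CAS server prefix.
     *
     * <p>NOTE(review): ticket validation is a call from this application to the configured URL. The
     * value is not visible here; it should be an https URL whose certificate the JVM trusts, since the
     * validation response decides who the user is.
     *
     * @throws IllegalStateException if {@code cas.url.prefix} is not configured
     */
    @Bean
    public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
        return new Cas20ServiceTicketValidator(env.getRequiredProperty(CAS_URL_PREFIX));
    }

    /**
     * Filter that receives the CAS ticket callback and authenticates it.
     *
     * @return the filter wired with this configuration's authentication manager and session strategy
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
        CasAuthenticationFilter filter = new CasAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager());
        filter.setSessionAuthenticationStrategy(sessionStrategy());
        return filter;
    }

    /**
     * Entry point that sends unauthenticated requests to the CAS login URL.
     *
     * @throws IllegalStateException if {@code cas.service.login} is not configured
     */
    @Bean
    public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
        CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint();
        entryPoint.setLoginUrl(env.getRequiredProperty(CAS_URL_LOGIN));
        entryPoint.setServiceProperties(serviceProperties());
        return entryPoint;
    }

    /**
     * Filter that processes single-sign-out requests for the configured CAS server.
     *
     * @throws IllegalStateException if {@code cas.url.prefix} is not configured
     */
    @Bean
    public SingleSignOutFilter singleSignOutFilter() {
        SingleSignOutFilter filter = new SingleSignOutFilter();
        filter.setCasServerUrlPrefix(env.getRequiredProperty(CAS_URL_PREFIX));
        return filter;
    }

    /**
     * Logout filter that, on {@code POST /logout}, clears the local security context and redirects to
     * the CAS logout URL with this application's home as the {@code service} parameter.
     *
     * <p>Both parts of the redirect target come from configuration, not from the request, so the
     * destination is fixed at startup.
     *
     * <p>NOTE(review): the home URL is appended to the query string without URL-encoding. If the
     * configured value contains {@code ?}, {@code &} or {@code #}, the CAS server will not see the
     * intended service URL; confirm the configured value or encode it before concatenation.
     *
     * @throws IllegalStateException if {@code cas.service.logout} or {@code app.service.home} is missing
     */
    @Bean
    public LogoutFilter requestCasGlobalLogoutFilter() {
        String casLogoutTarget = env.getRequiredProperty(CAS_URL_LOGOUT) + "?service="
                + env.getRequiredProperty(APP_SERVICE_HOME);
        LogoutFilter logoutFilter = new LogoutFilter(casLogoutTarget, new SecurityContextLogoutHandler());
        logoutFilter.setLogoutRequestMatcher(new AntPathRequestMatcher("/logout", "POST"));
        return logoutFilter;
    }

    /**
     * Registers the CAS provider as the authentication provider.
     *
     * @param auth builder supplied by Spring through method injection
     * @throws Exception if the provider cannot be registered
     */
    @Inject
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(casAuthenticationProvider());
    }

    /**
     * Excludes static resource paths from the security filter chain.
     *
     * <p>Requests matching these patterns skip the chain entirely: no authentication, no CSRF check
     * and no security response headers. NOTE(review): confirm that nothing under {@code /views/**}
     * or the other prefixes is generated per user or carries data that needs a login.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers("/fonts/**")
                .antMatchers("/images/**")
                .antMatchers("/scripts/**")
                .antMatchers("/styles/**")
                .antMatchers("/views/**")
                .antMatchers("/i18n/**");
    }

    /**
     * Wires the CAS filters into the chain and requires authentication for every request except the
     * logout paths.
     *
     * @param http the HTTP security builder
     * @throws Exception if the chain cannot be configured
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CsrfCookieGeneratorFilter is declared elsewhere; it is placed directly after the CSRF filter.
        http.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class)
                .exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint())
                .and()
                .addFilter(casAuthenticationFilter())
                .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class)
                .addFilterBefore(requestCasGlobalLogoutFilter(), LogoutFilter.class);

        // NOTE(review): for authorizeRequests() to be callable on the result, disable() here has to
        // return the HttpSecurity builder, i.e. it is the configurer-level disable() rather than a
        // frame-options-only switch. If so, this turns off every default response header Spring
        // Security writes, not just X-Frame-Options, which removes the clickjacking and
        // content-sniffing protections. Confirm against the Spring Security version on the classpath;
        // if framing is required, prefer a same-origin policy over disabling the headers.
        //
        // The former second pattern "logout*" was dropped: request paths always begin with "/", so an
        // Ant pattern without the leading slash can never match.
        http.headers().frameOptions().disable()
                .authorizeRequests()
                .antMatchers("/logout*").permitAll()
                .anyRequest().authenticated();

        // Equivalent of <logout invalidate-session="true" delete-cookies="JSESSIONID" />.
        // NOTE(review): requestCasGlobalLogoutFilter() sits before this LogoutFilter and also matches
        // POST /logout, so it appears to handle the request first with only a
        // SecurityContextLogoutHandler; the cookie clearing configured here may never run. Verify,
        // and if so move the cookie clearing onto the CAS logout filter.
        http.logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/")
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID", "CSRF-TOKEN");

        // CSRF protection is on by default; this call makes that explicit.
        http.csrf();
    }
}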