Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @Configuration
- @EnableWebSecurity
- @EnableGlobalMethodSecurity(securedEnabled = true)
- public class MultiHttpSecurityConfig {
- public static final Logger LOGGER = LoggerFactory.getLogger(MultiHttpSecurityConfig.class);
- @Autowired
- UserDetailsRepository userDetailsRepository;
- @Autowired
- static RestAuthenticationEntryPoint authenticationEntryPoint;
- @Autowired
- static RestAccessDeniedHandler restAccessDeniedHandler;
- @Autowired
- public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
- LOGGER.debug("Configuring Spring Security AuthenticationManagerBuilder...");
- auth.userDetailsService(userDetailsRepository);
- }
- @Configuration
- @Order(1)
- public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- LOGGER.debug("Configuring Spring Security HttpSecurity...");
- http.antMatcher("/api/**").authorizeRequests().anyRequest().authenticated().and().exceptionHandling()
- .authenticationEntryPoint(authenticationEntryPoint).accessDeniedHandler(restAccessDeniedHandler).and().csrf().disable();
- }
- }
- @Configuration
- public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
- @Override
- public void configure(WebSecurity web) throws Exception {
- web.ignoring().antMatchers("/resources/**");
- }
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- LOGGER.debug("Configuring Spring Security HttpSecurity...");
- http.authorizeRequests().antMatchers("/login.jsp").permitAll();
- http.authorizeRequests().antMatchers("/login").permitAll();
- http.authorizeRequests().antMatchers("/logout.html").permitAll();
- http.authorizeRequests().antMatchers("/ess/partials/alertPopup.html").permitAll();
- http.authorizeRequests().antMatchers("/partials/alertPopup.html").permitAll();
- http.authorizeRequests().anyRequest().authenticated().and().formLogin().loginProcessingUrl("/login").loginPage("/login.jsp")
- .defaultSuccessUrl("/app.html").and().logout().logoutUrl("/logout").logoutSuccessUrl("/logout.html").and().csrf().disable();
- }
- }
- }
- @Component
- public final class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {
- public static final Logger LOGGER = LoggerFactory.getLogger(RestAuthenticationEntryPoint.class);
- @Override
- public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authenticationException) throws IOException,
- ServletException {
- LOGGER.debug("AuthenticationException Message ::::::::: ", authenticationException.getMessage());
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
- }
- }
- @Component
- public class RestAccessDeniedHandler extends AccessDeniedHandlerImpl {
- @Override
- public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException,
- ServletException {
- final String bodyOfResponse = accessDeniedException.getMessage();
- response.setStatus(HttpServletResponse.SC_FORBIDDEN);
- }
- }
- 2014-11-29_13:51:48.711 DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - authenticateIfRequired - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
- 2014-11-29_13:51:48.711 DEBUG o.s.s.access.vote.AffirmativeBased - decide - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@59e0dd67, returned: -1
- 2014-11-29_13:51:48.734 DEBUG o.s.s.w.a.ExceptionTranslationFilter - handleSpringSecurityException - Access is denied (user is anonymous); redirecting to authentication entry point
- org.springframework.security.access.AccessDeniedException: Access is denied
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement