API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 29th, 2014
188
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.22 KB | None | 0 0
raw download clone embed print report
  1. @Configuration
  2. @EnableWebSecurity
  3. @EnableGlobalMethodSecurity(securedEnabled = true)
  4. public class MultiHttpSecurityConfig {
  5.  
  6. public static final Logger LOGGER = LoggerFactory.getLogger(MultiHttpSecurityConfig.class);
  7.  
  8. @Autowired
  9. UserDetailsRepository userDetailsRepository;
  10.  
  11. @Autowired
  12. static RestAuthenticationEntryPoint authenticationEntryPoint;
  13. @Autowired
  14. static RestAccessDeniedHandler restAccessDeniedHandler;
  15.  
  16. @Autowired
  17. public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
  18. LOGGER.debug("Configuring Spring Security AuthenticationManagerBuilder...");
  19. auth.userDetailsService(userDetailsRepository);
  20. }
  21.  
  22. @Configuration
  23. @Order(1)
  24. public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
  25. @Override
  26. protected void configure(HttpSecurity http) throws Exception {
  27. LOGGER.debug("Configuring Spring Security HttpSecurity...");
  28.  
  29. http.antMatcher("/api/**").authorizeRequests().anyRequest().authenticated().and().exceptionHandling()
  30. .authenticationEntryPoint(authenticationEntryPoint).accessDeniedHandler(restAccessDeniedHandler).and().csrf().disable();
  31.  
  32. }
  33. }
  34.  
  35. @Configuration
  36. public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
  37.  
  38. @Override
  39. public void configure(WebSecurity web) throws Exception {
  40. web.ignoring().antMatchers("/resources/**");
  41.  
  42. }
  43.  
  44. @Override
  45. protected void configure(HttpSecurity http) throws Exception {
  46. LOGGER.debug("Configuring Spring Security HttpSecurity...");
  47. http.authorizeRequests().antMatchers("/login.jsp").permitAll();
  48. http.authorizeRequests().antMatchers("/login").permitAll();
  49. http.authorizeRequests().antMatchers("/logout.html").permitAll();
  50. http.authorizeRequests().antMatchers("/ess/partials/alertPopup.html").permitAll();
  51. http.authorizeRequests().antMatchers("/partials/alertPopup.html").permitAll();
  52.  
  53. http.authorizeRequests().anyRequest().authenticated().and().formLogin().loginProcessingUrl("/login").loginPage("/login.jsp")
  54. .defaultSuccessUrl("/app.html").and().logout().logoutUrl("/logout").logoutSuccessUrl("/logout.html").and().csrf().disable();
  55.  
  56. }
  57. }
  58. }
  59.  
  60. @Component
  61. public final class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {
  62.  
  63. public static final Logger LOGGER = LoggerFactory.getLogger(RestAuthenticationEntryPoint.class);
  64.  
  65. @Override
  66. public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authenticationException) throws IOException,
  67. ServletException {
  68. LOGGER.debug("AuthenticationException Message ::::::::: ", authenticationException.getMessage());
  69. response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
  70.  
  71. }
  72.  
  73. }
  74.  
  75. @Component
  76. public class RestAccessDeniedHandler extends AccessDeniedHandlerImpl {
  77. @Override
  78. public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException,
  79. ServletException {
  80. final String bodyOfResponse = accessDeniedException.getMessage();
  81. response.setStatus(HttpServletResponse.SC_FORBIDDEN);
  82. }
  83. }
  84.  
  85. 2014-11-29_13:51:48.711 DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - authenticateIfRequired - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
  86. 2014-11-29_13:51:48.711 DEBUG o.s.s.access.vote.AffirmativeBased - decide - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@59e0dd67, returned: -1
  87. 2014-11-29_13:51:48.734 DEBUG o.s.s.w.a.ExceptionTranslationFilter - handleSpringSecurityException - Access is denied (user is anonymous); redirecting to authentication entry point
  88. org.springframework.security.access.AccessDeniedException: Access is denied
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!