- WebConfig:
/**
 * Spring Security configuration for the web tier: request authorization, form
 * login/logout, the impersonation (switch-user) filter and a custom
 * {@code AuthenticationProvider}.
 *
 * NOTE(review): {@code @EnableWebMvcSecurity} and the {@code access(...)} DSL below
 * are the Spring Security 3.2-era API. Confirm the target version, because the
 * way {@code hasRole} treats the {@code ROLE_} prefix changed in later releases.
 */
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Verifies username/password pairs (see CustomAuthenticationProvider). */
    @Autowired
    private CustomAuthenticationProvider customAuthenticationProvider;

    /** Loads the target account when an administrator impersonates another user. */
    @Autowired
    private AMCiUserDetailsService userDetailsService;

    /** Invoked when a switch-user (impersonation) attempt fails. */
    @Autowired
    private CustomImpersonateFailureHandler impersonateFailureHandler;

    /** Invoked when a form-login attempt fails. */
    @Autowired
    private LoginFailureHandler loginFailureHandler;

    /**
     * Configures the servlet filter chain: public static assets, the admin-only
     * impersonation entry point, form login, logout, the switch-user filter and
     * the custom provider.
     *
     * @param http the {@link HttpSecurity} builder for this filter chain
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // NOTE(review): CSRF protection is disabled for every endpoint, so the login,
            // logout and impersonation POSTs are not tied to a per-session token. Turning it
            // back on requires the JSP forms to submit the token — TODO confirm the current
            // setting is intentional for this application.
            .csrf().disable()
            .authorizeRequests()
                // Stylesheets and scripts under /jsp and everything under /images are
                // public; every other request needs an authenticated session.
                .antMatchers("/jsp/*.css","/jsp/*.js","/images/**").permitAll()
                // Only an administrator, or an administrator who is already impersonating
                // someone, may reach the switch-user entry point.
                // NOTE(review): 'ADMIN' and 'ROLE_PREVIOUS_ADMINISTRATOR' follow different
                // prefix conventions — confirm both strings match the authorities actually
                // granted by the user service and the switch-user filter.
                .antMatchers("/login/impersonate*").access("hasRole('ADMIN') or hasRole('ROLE_PREVIOUS_ADMINISTRATOR')")
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login.jsp")
                // Always continue to Home after login, ignoring any saved request.
                .defaultSuccessUrl("/jsp/Home.jsp",true)
                // The login page URL also receives the credential POST.
                .loginProcessingUrl("/login.jsp")
                .failureHandler(loginFailureHandler)
                .permitAll()
                .and()
            .logout()
                // Users land on the login page with a message flag after logging out.
                .logoutSuccessUrl("/login.jsp?msg=1")
                .permitAll()
                .and()
            .addFilter(switchUserFilter())
            // The same provider is registered again in configure(AuthenticationManagerBuilder).
            .authenticationProvider(customAuthenticationProvider);
        http.exceptionHandling().accessDeniedPage("/jsp/SecurityViolation.jsp"); //if user not authorized to a page, automatically forward them to this page.
        // Permit framing only by pages from the same origin (clickjacking mitigation).
        http.headers().addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN));
    }

    /**
     * Registers the custom provider with the global authentication manager.
     *
     * NOTE(review): the provider is also attached to {@code HttpSecurity} above, so a
     * failed attempt may be evaluated by it twice — TODO confirm one registration suffices.
     *
     * @param auth the global {@link AuthenticationManagerBuilder}
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthenticationProvider);
    }

    /**
     * Password encoder used to compare submitted passwords with stored hashes.
     *
     * @return a {@link BCryptPasswordEncoder} with default strength
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    //Used for the impersonate functionality
    /**
     * Builds the switch-user filter: {@code /login/impersonate} starts impersonating
     * the requested account and {@code /logout/impersonate} returns to the original
     * one. Access to the start URL is gated by the {@code antMatchers} rule above.
     *
     * @return the configured {@link CustomSwitchUserFilter}
     */
    @Bean CustomSwitchUserFilter switchUserFilter() {
        CustomSwitchUserFilter filter = new CustomSwitchUserFilter();
        filter.setUserDetailsService(userDetailsService);
        // Page shown after a successful switch or exit.
        filter.setTargetUrl("/jsp/Impersonate.jsp?msg=0");
        filter.setSwitchUserUrl("/login/impersonate");
        filter.setExitUserUrl("/logout/impersonate");
        filter.setFailureHandler(impersonateFailureHandler);
        return filter;
    }
}
- @Component
- public class CustomAuthenticationProvider implements AuthenticationProvider {
/** Current servlet request. NOTE(review): not read by any method visible in this class — confirm it is still needed. */
@Autowired(required = true)
private HttpServletRequest request;
/** Source of {@link UserDetails} for the submitted username. */
@Autowired
private AMCiUserDetailsService userService;
/** Compares the submitted password with the stored hash; the BCrypt bean declared in WebSecurityConfig. */
@Autowired
private PasswordEncoder encoder;
// NOTE(review): authenticate() uses auditLoginBean, which is not declared among these
// fields — presumably declared further down in the class; verify.
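/**
 * Verifies a username/password pair against the user store and records the
 * outcome through {@code auditLoginBean}.
 *
 * <p>An unknown user, a lookup failure and a wrong password all produce the same
 * {@link BadCredentialsException} message, so the response does not reveal whether
 * a username exists. The "Login Successful" audit entry is written only after every
 * check has passed; previously it was written as soon as the user record loaded,
 * so a wrong-password attempt was recorded as a successful login. Failed attempts
 * of every kind (unknown user, wrong password, disabled, locked) are now audited.
 *
 * @param authentication the token carrying the submitted name and credentials
 * @return a {@link UsernamePasswordAuthenticationToken} holding the loaded
 *         {@link UserDetails}, the submitted password and the user's authorities
 * @throws BadCredentialsException when the name or password is blank or not a
 *         String, the user cannot be loaded, the password does not match, or
 *         the success audit entry cannot be written
 * @throws DisabledException when the account is disabled
 * @throws LockedException when the account is locked
 */
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String username = normalize(authentication.getName());
    Object credentials = authentication.getCredentials();
    // The form-login filter supplies a String; anything else (including null) is
    // rejected by the blank check below instead of failing with a cast or NPE.
    String password = credentials instanceof String ? ((String) credentials).trim() : null;
    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
        throw new BadCredentialsException("Login failed! Please try again.");
    }

    UserDetails user;
    try {
        user = userService.loadUserByUsername(username);
    } catch (Exception e) {
        // Broad catch kept on purpose: any lookup failure must surface as the generic
        // bad-credentials response rather than as an unhandled error page.
        recordAttempt("Login Unsuccessful");
        throw new BadCredentialsException("Please enter a valid username and password.");
    }

    // NOTE(review): the encoder is not run when the user is unknown, so that path
    // answers faster than a wrong-password attempt — TODO decide whether the
    // difference matters for this deployment.
    String storedHash = user.getPassword();
    if (storedHash == null || !encoder.matches(password, storedHash.trim())) {
        recordAttempt("Login Unsuccessful");
        throw new BadCredentialsException("Please enter a valid username and password.");
    }
    if (!user.isEnabled()) {
        recordAttempt("Login Unsuccessful");
        throw new DisabledException("Please enter a valid username and password.");
    }
    if (!user.isAccountNonLocked()) {
        recordAttempt("Login Unsuccessful");
        throw new LockedException("Account locked. ");
    }

    // Fail closed: a successful login that cannot be recorded is rejected. This keeps
    // the original behaviour for audit failures on the success path.
    try {
        auditLoginBean.setComment("Login Successful");
        auditLoginBean.insert();
    } catch (Exception e) {
        throw new BadCredentialsException("Please enter a valid username and password.");
    }

    List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>(user.getAuthorities());
    return new UsernamePasswordAuthenticationToken(user, password, grantedAuthorities);
}

/** Trims {@code value}, treating {@code null} as an empty string. */
private static String normalize(String value) {
    return value == null ? "" : value.trim();
}

/**
 * Best-effort audit entry for a failed attempt. Persistence errors are swallowed
 * so the audit store cannot turn a credential failure into a different error.
 *
 * @param comment the outcome text stored with the entry
 */
private void recordAttempt(String comment) {
    try {
        auditLoginBean.setComment(comment);
        auditLoginBean.insert();
    } catch (Exception ignored) {
        // NOTE(review): no logger is visible in this class — TODO confirm how audit
        // write failures should be reported.
    }
}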
/**
 * Reports whether this provider can process the given authentication type.
 *
 * @param authentication the {@code Authentication} class offered by the manager
 * @return {@code true} for {@code UsernamePasswordAuthenticationToken} and its subclasses
 */
public boolean supports(Class<? extends Object> authentication) {
    Class<?> handledType = UsernamePasswordAuthenticationToken.class;
    return handledType.isAssignableFrom(authentication);
}