package com.security.config;import java.util.ArrayList;import java.util.List;

1. package com.security.config;
2.  
3. import java.util.ArrayList;
4. import java.util.List;
5.  
6. import org.springframework.beans.factory.annotation.Autowired;
7. import org.springframework.context.annotation.Bean;
8. import org.springframework.context.annotation.Configuration;
9. import org.springframework.security.authentication.AuthenticationManager;
10. import org.springframework.security.authentication.AuthenticationProvider;
11. import org.springframework.security.authentication.ProviderManager;
12. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
13. import org.springframework.security.config.annotation.web.builders.WebSecurity;
14. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
15. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
16. import org.springframework.security.config.http.SessionCreationPolicy;
17. import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
18.  
19. import com.security.Handler.CustomAuthenticationFailureHandler;
20. import com.security.Handler.CustomeAccessDeniedHandler;
21. import com.security.Handler.CustomeSuccessHandler;
22. import com.security.filter.UserNamePasswordFilter;
23. import com.security.provider.UserNamePasswordAuthProvider;
24. import com.security.utils.UrlAccess;
25.  
26. @EnableWebSecurity
27. @Configuration
28. public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
29. @Autowired
30. CustomeSuccessHandler Successhandler;
31. @Autowired
32. UserNamePasswordAuthProvider userNamePasswordAuthProvider;
33. @Autowired
34. CustomAuthenticationFailureHandler customAuthenticationFailureHandler;
35. @Autowired
36. CustomeAccessDeniedHandler customeAccessDeniedHandler;
37.  
38. @Override
39. protected void configure(HttpSecurity http) throws Exception {
40.  
41. http.csrf().disable();
42. http.addFilterBefore(getUserNamePasswordFilter(),UsernamePasswordAuthenticationFilter.class);
43. http.authorizeRequests().antMatchers("**/getAuthToken/**").access("hasAuthority('ADMIN')").anyRequest()
44. .authenticated().and().exceptionHandling().authenticationEntryPoint(customeAccessDeniedHandler);
45. http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
46. }
47.  
48. @Override
49. public void configure(WebSecurity web) throws Exception {
50.  
51. web.ignoring().antMatchers("/", "**/v0.1/**");//
52. web.ignoring().antMatchers("**/resource/**");
53. }
54.  
55. @Bean
56. public UserNamePasswordFilter getUserNamePasswordFilter() throws Exception {
57. UserNamePasswordFilter filter = new UserNamePasswordFilter(UrlAccess.Get_Token_Url);
58.  
59. filter.setAuthenticationManager(authenticationManager());
60. filter.setAuthenticationSuccessHandler(Successhandler);
61. filter.setAuthenticationFailureHandler(customAuthenticationFailureHandler);
62.  
63. return filter;
64. }
65.  
66. @Bean
67. public AuthenticationManager authenticationManager() throws Exception {
68. final List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
69. list.add(getUserNamePasswordAuthProvider());
70. return new ProviderManager(list);
71.  
72. }
73.  
74. public UserNamePasswordAuthProvider getUserNamePasswordAuthProvider() {
75. return userNamePasswordAuthProvider;
76. }
77.  
78. }
79.  
80. package com.security.filter;
81.  
82. import java.io.IOException;
83.  
84. import javax.servlet.FilterChain;
85. import javax.servlet.ServletException;
86. import javax.servlet.http.HttpServletRequest;
87. import javax.servlet.http.HttpServletResponse;
88.  
89.  
90. import org.springframework.security.core.Authentication;
91. import org.springframework.security.core.AuthenticationException;
92. import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
93. import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
94.  
95.  
96. import com.security.model.UserNamePassword;
97.  
98.  
99.  
100.  
101. public class UserNamePasswordFilter extends AbstractAuthenticationProcessingFilter {
102.  
103.  
104.  
105.  
106. public UserNamePasswordFilter(String url) {
107. super(url);
108.  
109.  
110. }
111.  
112. @Override
113. public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
114. throws AuthenticationException {
115.  
116.  
117. String username = request.getParameter("Username");
118. String password = request.getParameter("Password");
119.  
120. UserNamePassword usernamepassword = new UserNamePassword(username, password);
121.  
122. return this.getAuthenticationManager().authenticate(usernamepassword);
123. }
124.  
125. @Override
126. protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
127. Authentication authResult) throws IOException, ServletException {
128.  
129. super.successfulAuthentication(request, response, chain, authResult);
130. }
131.  
132. @Override
133. protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
134. AuthenticationException failed) throws IOException, ServletException {
135.  
136. super.unsuccessfulAuthentication(request, response, failed);
137. }
138.  
139. }
140.  
141. .addFilterAfter(getUserNamePasswordFilter(), BasicAuthenticationFilter.class);