Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- package com.security.config;
- import java.util.ArrayList;
- import java.util.List;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.authentication.AuthenticationManager;
- import org.springframework.security.authentication.AuthenticationProvider;
- import org.springframework.security.authentication.ProviderManager;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.builders.WebSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.config.http.SessionCreationPolicy;
- import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
- import com.security.Handler.CustomAuthenticationFailureHandler;
- import com.security.Handler.CustomeAccessDeniedHandler;
- import com.security.Handler.CustomeSuccessHandler;
- import com.security.filter.UserNamePasswordFilter;
- import com.security.provider.UserNamePasswordAuthProvider;
- import com.security.utils.UrlAccess;
- @EnableWebSecurity
- @Configuration
- public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
- @Autowired
- CustomeSuccessHandler Successhandler;
- @Autowired
- UserNamePasswordAuthProvider userNamePasswordAuthProvider;
- @Autowired
- CustomAuthenticationFailureHandler customAuthenticationFailureHandler;
- @Autowired
- CustomeAccessDeniedHandler customeAccessDeniedHandler;
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable();
- http.addFilterBefore(getUserNamePasswordFilter(),UsernamePasswordAuthenticationFilter.class);
- http.authorizeRequests().antMatchers("**/getAuthToken/**").access("hasAuthority('ADMIN')").anyRequest()
- .authenticated().and().exceptionHandling().authenticationEntryPoint(customeAccessDeniedHandler);
- http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
- }
- @Override
- public void configure(WebSecurity web) throws Exception {
- web.ignoring().antMatchers("/", "**/v0.1/**");//
- web.ignoring().antMatchers("**/resource/**");
- }
- @Bean
- public UserNamePasswordFilter getUserNamePasswordFilter() throws Exception {
- UserNamePasswordFilter filter = new UserNamePasswordFilter(UrlAccess.Get_Token_Url);
- filter.setAuthenticationManager(authenticationManager());
- filter.setAuthenticationSuccessHandler(Successhandler);
- filter.setAuthenticationFailureHandler(customAuthenticationFailureHandler);
- return filter;
- }
- @Bean
- public AuthenticationManager authenticationManager() throws Exception {
- final List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
- list.add(getUserNamePasswordAuthProvider());
- return new ProviderManager(list);
- }
- public UserNamePasswordAuthProvider getUserNamePasswordAuthProvider() {
- return userNamePasswordAuthProvider;
- }
- }
- package com.security.filter;
- import java.io.IOException;
- import javax.servlet.FilterChain;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import org.springframework.security.core.Authentication;
- import org.springframework.security.core.AuthenticationException;
- import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
- import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
- import com.security.model.UserNamePassword;
- public class UserNamePasswordFilter extends AbstractAuthenticationProcessingFilter {
- public UserNamePasswordFilter(String url) {
- super(url);
- }
- @Override
- public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
- throws AuthenticationException {
- String username = request.getParameter("Username");
- String password = request.getParameter("Password");
- UserNamePassword usernamepassword = new UserNamePassword(username, password);
- return this.getAuthenticationManager().authenticate(usernamepassword);
- }
- @Override
- protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
- Authentication authResult) throws IOException, ServletException {
- super.successfulAuthentication(request, response, chain, authResult);
- }
- @Override
- protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
- AuthenticationException failed) throws IOException, ServletException {
- super.unsuccessfulAuthentication(request, response, failed);
- }
- }
- .addFilterAfter(getUserNamePasswordFilter(), BasicAuthenticationFilter.class);
Add Comment
Please, Sign In to add comment