- package com.heatmanofurioso.concertlivecheck.webapp;
- import com.heatmanofurioso.concertlivecheck.webapp.authentication.CustomFilter;
- import com.heatmanofurioso.concertlivecheck.webapp.authentication.MySavedRequestAwareAuthenticationSuccessHandler;
- import com.heatmanofurioso.concertlivecheck.webapp.authentication.RestAuthenticationEntryPoint;
- import com.heatmanofurioso.concertlivecheck.webapp.repository.CLCJdbcTokenRepositoryImpl;
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.jdbc.datasource.lookup.JndiDataSourceLookup;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
- import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
- import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
- import javax.sql.DataSource;
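/**
 * Spring web security configuration.
 *
 * <p>Wires JDBC-backed authentication against the container's JNDI MySQL data source and
 * declares the URL authorization rules, form login and logout for the web application.
 *
 * <p>NOTE(review): {@code debug = true} enables Spring Security's debug filter, which writes
 * request details to the log for every call. Keep it to local development and switch it off
 * before the application is deployed.
 */
@Configuration
@EnableWebSecurity(debug = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** JNDI name under which the application server publishes the MySQL data source. */
    private static final String MYSQL_DATA_SOURCE = "java:jboss/MysqlDataSource";

    private static final Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);

    /** Entry point invoked when an unauthenticated request hits a protected URL. */
    private final RestAuthenticationEntryPoint restAuthenticationEntryPoint =
            new RestAuthenticationEntryPoint();

    @Autowired
    private MySavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler;

    /**
     * Exposes the JNDI-managed MySQL data source as a Spring bean.
     *
     * @return the data source registered under {@link #MYSQL_DATA_SOURCE}
     */
    @Bean
    public DataSource dataSource() {
        return new JndiDataSourceLookup().getDataSource(MYSQL_DATA_SOURCE);
    }

    /**
     * Configures JDBC authentication: one query loads the account row, the other its roles.
     *
     * <p>Both queries bind the user name through a {@code ?} placeholder, so the login name is
     * never concatenated into SQL.
     *
     * <p>NOTE(review): no password encoder is configured here, so how the PASSWORD column is
     * compared depends on the Spring Security version's default. Confirm that stored passwords
     * are hashed with an adaptive scheme (bcrypt, scrypt, argon2) and that a matching
     * {@code passwordEncoder(...)} is registered.
     *
     * <p>NOTE(review): {@code hasRole("ADMIN")} in {@link #configure(HttpSecurity)} checks for
     * the authority {@code ROLE_ADMIN}. Verify that ROLE.NAME values carry the {@code ROLE_}
     * prefix, or that a role prefix is configured, otherwise the role rules never match.
     *
     * @param auth builder the authentication manager is assembled from
     * @throws Exception if the authentication configuration cannot be applied
     */
    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource())
                .usersByUsernameQuery(
                        "select USERNAME,PASSWORD, ACTIVE from ConcertLiveCheck.USER where USERNAME=?")
                .authoritiesByUsernameQuery(
                        "SELECT userTable.USERNAME, roleTable.NAME as 'ROLE'\n"
                                + "FROM ConcertLiveCheck.USER userTable, ConcertLiveCheck.ROLE roleTable, ConcertLiveCheck.USER_ROLE userRoleTable\n"
                                + "WHERE userTable.ID = userRoleTable.USER_ID AND roleTable.ID = userRoleTable.ROLE_ID AND userRoleTable.USER_ID = \n"
                                + "(SELECT ID from ConcertLiveCheck.USER WHERE USERNAME = ?);");
    }

    /**
     * Declares the success handler used after a form login.
     *
     * @return a new {@link MySavedRequestAwareAuthenticationSuccessHandler}
     */
    @Bean
    public MySavedRequestAwareAuthenticationSuccessHandler mySuccessHandler() {
        return new MySavedRequestAwareAuthenticationSuccessHandler();
    }

    /**
     * Declares the failure handler used after a rejected form login.
     *
     * @return a {@link SimpleUrlAuthenticationFailureHandler} with no failure URL configured
     */
    @Bean
    public SimpleUrlAuthenticationFailureHandler myFailureHandler() {
        return new SimpleUrlAuthenticationFailureHandler();
    }

    /**
     * Defines URL authorization, form login, logout and the extra filter of the security chain.
     *
     * <p>Matchers are evaluated in declaration order and the first match decides, so specific
     * rules must precede broader ones.
     *
     * @param http security builder for the web application's filter chain
     * @throws Exception if the chain cannot be configured
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // NOTE(review): CSRF protection is off while the application uses session-based
                // form login. State-changing endpoints (including the GET-capable /logout
                // mapping) then depend on other defenses such as SameSite cookies or a custom
                // header check. Confirm this is intentional for the REST clients.
                .csrf().disable()
                .exceptionHandling()
                .authenticationEntryPoint(restAuthenticationEntryPoint)
                .and()
                // URL authorization rules, first match wins.
                .authorizeRequests()
                .antMatchers("/login/**", "/register/**").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/", "/*").hasAnyRole("USER", "ADMIN")
                // NOTE(review): "/testUser" is already matched by "/*" above, so this rule is
                // never reached and the endpoint requires USER or ADMIN. It is kept in place
                // because moving it ahead of "/*" would loosen access to "any authenticated user".
                .antMatchers("/testUser").authenticated()
                // Deny by default: without a catch-all, any path not listed above (for example
                // anything two or more segments deep outside /admin, /login and /register)
                // would have no authorization rule and be reachable anonymously.
                .anyRequest().authenticated()
                .and()
                // Form login
                .formLogin()
                .usernameParameter("username").passwordParameter("password")
                .loginPage("/login").permitAll()
                .successHandler(authenticationSuccessHandler)
                // Reuse the declared bean rather than a second, unmanaged handler instance.
                .failureHandler(myFailureHandler())
                .and()
                // Logout
                .logout()
                .permitAll();
        http.addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class);
    }

    /**
     * Declares the JDBC-backed repository for persistent login tokens.
     *
     * <p>NOTE(review): {@link #configure(HttpSecurity)} does not call {@code rememberMe()}, so
     * nothing in this class uses the repository. Check whether remember-me is wired elsewhere.
     *
     * @return token repository bound to {@link #dataSource()}
     */
    @Bean
    public PersistentTokenRepository persistentTokenRepository() {
        final CLCJdbcTokenRepositoryImpl jdbcTokenRepository = new CLCJdbcTokenRepositoryImpl();
        jdbcTokenRepository.setDataSource(dataSource());
        return jdbcTokenRepository;
    }
}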
- //Controller
/**
 * Returns the user list provided by {@code gigManagementFactory}; accepts GET and POST.
 *
 * <p>NOTE(review): this hands back every user as a {@code UserDTO}. Confirm the DTO carries no
 * password hash or other field that should stay server-side, and that a test endpoint like this
 * is not exposed outside development.
 *
 * @return the users reported by {@code gigManagementFactory.getUserList()}
 */
@RequestMapping(value = "/testUser", method = {RequestMethod.POST, RequestMethod.GET})
public List<UserDTO> testUser() {
    final List<UserDTO> users = gigManagementFactory.getUserList();
    return users;
}
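/**
 * Looks up a reference-data item by name and returns it serialized as JSON.
 *
 * <p>The {@code name} request parameter is caller-controlled, so CR/LF characters are replaced
 * before the value is written to the log. Unfiltered line breaks would let a request inject
 * forged entries into the log file.
 *
 * @param name value of the {@code name} request parameter
 * @return the result of {@code gson.toJson} for the item returned by the lookup
 */
@RequestMapping(value = "/getRefDataItem", method = {RequestMethod.POST, RequestMethod.GET})
public String getRefDataItem(@RequestParam(value = "name") String name) {
    // String.valueOf keeps the original "null" rendering should the method be called directly.
    String loggedName = String.valueOf(name).replaceAll("[\\r\\n]", "_");
    logger.info("getRefDataItem with id:" + loggedName);
    // The lookup still receives the untouched parameter; only the log copy is sanitized.
    ReferenceDataDTO response = userManagementFactory.getRefDataByName(name);
    return gson.toJson(response);
}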
/**
 * Placeholder handler for {@code /login} that answers with a fixed string.
 *
 * <p>NOTE(review): the security configuration on this page sets {@code loginPage("/login")},
 * so POSTs to this URL are presumably consumed by the form-login filter before they reach this
 * method. Verify which requests actually arrive here.
 *
 * @return a constant marker string
 */
@RequestMapping(value = "/login", method = {RequestMethod.POST, RequestMethod.GET})
public String login() {
    final String body = "TOP KEK LOGIN";
    return body;
}
/**
 * Ends the caller's HTTP session and replies with 204 No Content.
 *
 * <p>NOTE(review): the mapping accepts GET as well as POST, and CSRF protection is disabled in
 * the security configuration on this page, so a cross-site request can end a user's session.
 * Restricting logout to POST with CSRF protection would close that. The {@code .logout()}
 * configuration presumably also registers its own handler for {@code /logout}. Confirm
 * whether this method is ever reached.
 *
 * @param session the current HTTP session, invalidated by this call
 */
@RequestMapping(value = "/logout", method = {RequestMethod.POST, RequestMethod.GET})
@ResponseStatus(HttpStatus.NO_CONTENT)
public void logout(HttpSession session) {
    // Drops all session attributes and unbinds the session id.
    session.invalidate();
}
- }