
Untitled

a guest
Feb 23rd, 2018
  1. package com.heatmanofurioso.concertlivecheck.webapp;
  2.  
  3. import com.heatmanofurioso.concertlivecheck.webapp.authentication.CustomFilter;
  4. import com.heatmanofurioso.concertlivecheck.webapp.authentication.MySavedRequestAwareAuthenticationSuccessHandler;
  5. import com.heatmanofurioso.concertlivecheck.webapp.authentication.RestAuthenticationEntryPoint;
  6. import com.heatmanofurioso.concertlivecheck.webapp.repository.CLCJdbcTokenRepositoryImpl;
  7. import org.slf4j.Logger;
  8. import org.slf4j.LoggerFactory;
  9. import org.springframework.beans.factory.annotation.Autowired;
  10. import org.springframework.context.annotation.Bean;
  11. import org.springframework.context.annotation.Configuration;
  12. import org.springframework.jdbc.datasource.lookup.JndiDataSourceLookup;
  13. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  14. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  15. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  16. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  17. import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
  18. import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
  19. import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
  20.  
  21. import javax.sql.DataSource;
  22.  
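  /**
   * Spring Security configuration for the web application.
   *
   * Sets up JDBC-backed authentication against the JNDI data source, the URL
   * authorization rules, form login / logout handling and a custom filter.
   *
   * Debug support on {@code @EnableWebSecurity} is left at its default (off): the
   * debug filter logs request details, including headers such as the session
   * cookie, and is not meant for production deployments.
   */
  @Configuration
  @EnableWebSecurity
  public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

      /** JNDI name of the container-managed MySQL data source. */
      private static final String MYSQL_DATA_SOURCE = "java:jboss/MysqlDataSource";

      private static final Logger LOGGER = LoggerFactory.getLogger(WebSecurityConfig.class);

      /** Entry point invoked when an unauthenticated request hits a protected URL. */
      private final RestAuthenticationEntryPoint restAuthenticationEntryPoint =
          new RestAuthenticationEntryPoint();

      @Autowired
      private MySavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler;

      /**
       * Looks up the application data source through JNDI.
       *
       * @return the data source bound under {@link #MYSQL_DATA_SOURCE}
       */
      @Bean
      public DataSource dataSource() {
          return new JndiDataSourceLookup().getDataSource(MYSQL_DATA_SOURCE);
      }

      /**
       * Configures JDBC authentication: one query loads the user record, the other
       * loads the user's role names.
       *
       * Both queries use {@code ?} placeholders, so the submitted username is bound
       * as a parameter and never concatenated into the SQL text.
       *
       * NOTE(review): no password encoder is configured in this method. Confirm that
       * the PASSWORD column holds an adaptive hash (e.g. bcrypt) and that a matching
       * encoder is wired somewhere; stored credentials must not be plaintext.
       *
       * NOTE(review): {@code hasRole("ADMIN")} checks for the authority
       * {@code ROLE_ADMIN}, so ROLE.NAME values presumably carry the {@code ROLE_}
       * prefix. Verify against the database.
       *
       * @param auth builder supplied by Spring
       * @throws Exception if the authentication setup fails
       */
      @Autowired
      public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
          auth.jdbcAuthentication().dataSource(dataSource())
              .usersByUsernameQuery(
                  "select USERNAME,PASSWORD, ACTIVE from ConcertLiveCheck.USER where USERNAME=?")
              .authoritiesByUsernameQuery(
                  "SELECT userTable.USERNAME, roleTable.NAME as 'ROLE'\n"
                      + "FROM ConcertLiveCheck.USER userTable, ConcertLiveCheck.ROLE roleTable, ConcertLiveCheck.USER_ROLE userRoleTable\n"
                      + "WHERE userTable.ID = userRoleTable.USER_ID AND roleTable.ID = userRoleTable.ROLE_ID AND userRoleTable.USER_ID = \n"
                      + "(SELECT ID from ConcertLiveCheck.USER WHERE USERNAME = ?);");
      }

      /**
       * @return the success handler used after a successful form login
       */
      @Bean
      public MySavedRequestAwareAuthenticationSuccessHandler mySuccessHandler() {
          return new MySavedRequestAwareAuthenticationSuccessHandler();
      }

      /**
       * @return the failure handler used after a failed form login
       */
      @Bean
      public SimpleUrlAuthenticationFailureHandler myFailureHandler() {
          return new SimpleUrlAuthenticationFailureHandler();
      }

      /**
       * Builds the HTTP security chain: authorization rules, form login, logout and
       * the custom filter.
       *
       * Rules are evaluated in declaration order and the first match wins, so
       * specific patterns must come before broad ones, and the chain ends with a
       * catch-all so that no URL is left without an access decision.
       *
       * @param http the security builder supplied by Spring
       * @throws Exception if the chain cannot be built
       */
      @Override
      protected void configure(HttpSecurity http) throws Exception {
          http
              // NOTE(review): CSRF protection is disabled while authentication is
              // session based (form login). A cross-site request from a logged-in
              // browser is then accepted as the user's own. Re-enable it unless every
              // client authenticates per request with a non-cookie credential.
              .csrf().disable()
              .exceptionHandling()
                  .authenticationEntryPoint(restAuthenticationEntryPoint)
                  .and()
              .authorizeRequests()
                  .antMatchers("/login/**", "/register/**").permitAll()
                  .antMatchers("/admin/**").hasRole("ADMIN")
                  .antMatchers("/", "/*").hasAnyRole("USER", "ADMIN")
                  // NOTE(review): "/*" above already matches "/testUser", so this
                  // rule is never reached and the role check above applies instead.
                  // Move it above "/*" only if any authenticated user, regardless
                  // of role, is really meant to have access.
                  .antMatchers("/testUser").authenticated()
                  // Deny by default: without a catch-all, any URL that matches none
                  // of the patterns above (for example paths with two or more
                  // segments) gets no access rule and is served without login.
                  .anyRequest().authenticated()
                  .and()
              .formLogin()
                  .usernameParameter("username").passwordParameter("password")
                  .loginPage("/login").permitAll()
                  .successHandler(authenticationSuccessHandler)
                  // Reuse the declared bean instead of a second, unmanaged instance.
                  .failureHandler(myFailureHandler())
                  .and()
              .logout()
                  .permitAll();

          // BasicAuthenticationFilter is used here only as the position marker for
          // the custom filter; HTTP Basic itself is not enabled in this chain.
          http.addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class);
      }

      /**
       * Token store for persistent ("remember me") logins, backed by the same data
       * source as authentication.
       *
       * NOTE(review): {@code configure(HttpSecurity)} in this class does not call
       * {@code rememberMe()}, so this repository is not used by the chain built here.
       *
       * @return the JDBC token repository
       */
      @Bean
      public PersistentTokenRepository persistentTokenRepository() {
          final CLCJdbcTokenRepositoryImpl jdbcTokenRepository = new CLCJdbcTokenRepositoryImpl();
          jdbcTokenRepository.setDataSource(dataSource());
          return jdbcTokenRepository;
      }
  }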
  100.  
  101.  
  102.  
  103.  
  104.  
  105.  
  106.  
  107.  
  108.  
  109.  
  110. //Controller
  /**
   * Returns the user list supplied by {@code gigManagementFactory}.
   *
   * NOTE(review): the fields of UserDTO are not visible here. Confirm that the
   * DTO carries no password hashes or other credentials before exposing the
   * complete list over HTTP.
   *
   * @return every user returned by the factory
   */
  @RequestMapping(value = "/testUser", method = {RequestMethod.POST, RequestMethod.GET})
  public List<UserDTO> testUser() {
      final List<UserDTO> allUsers = gigManagementFactory.getUserList();
      return allUsers;
  }
  115.  
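  /**
   * Looks up a reference-data item by name and returns it serialized as JSON.
   *
   * @param name the reference-data name taken from the request parameter
   * @return the JSON form of the item returned by {@code userManagementFactory}
   */
  @RequestMapping(value = "/getRefDataItem", method = {RequestMethod.POST, RequestMethod.GET})
  public String getRefDataItem(@RequestParam(value = "name") String name) {
      // The parameter comes straight from the request. Replace CR/LF before it is
      // logged so that a crafted value cannot forge extra log entries.
      final String loggableName = name == null ? null : name.replaceAll("[\\r\\n]", "_");
      logger.info("getRefDataItem with id:" + loggableName);

      ReferenceDataDTO response = userManagementFactory.getRefDataByName(name);

      return gson.toJson(response);
  }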
  123.  
  /**
   * Placeholder handler for {@code /login}; always returns a fixed string.
   *
   * NOTE(review): WebSecurityConfig sets {@code loginPage("/login")}, so a POST to
   * this URL is presumably consumed by the form-login filter before it reaches
   * this method. Confirm which methods actually arrive here.
   *
   * @return the fixed placeholder text
   */
  @RequestMapping(value = "/login", method = {RequestMethod.POST, RequestMethod.GET})
  public String login() {
      final String placeholderBody = "TOP KEK LOGIN";
      return placeholderBody;
  }
  128.  
  /**
   * Ends the caller's session and answers with 204 No Content.
   *
   * NOTE(review): this mapping accepts GET, so a plain link or an embedded
   * resource on another site can log the user out. WebSecurityConfig also enables
   * {@code logout()}, which by default handles {@code /logout} itself, so this
   * method may never be reached. Confirm which of the two is intended.
   *
   * @param session the current HTTP session
   */
  @ResponseStatus(HttpStatus.NO_CONTENT)
  @RequestMapping(value = "/logout", method = {RequestMethod.POST, RequestMethod.GET})
  public void logout(HttpSession session) {
      final HttpSession currentSession = session;
      currentSession.invalidate();
  }
  134. }