@Configuration@EnableWebSecuritypublic class SecurityConfig extends WebSecurit

1. @Configuration
2. @EnableWebSecurity
3. public class SecurityConfig extends WebSecurityConfigurerAdapter{
4.  
5. @Autowired
6. private Environment env;
7.  
8. @Autowired
9. private UserSecurityService userSecurityService;
10.  
11. private BCryptPasswordEncoder passwordEncoder() {
12. return SecurityUtility.passwordEncoder();
13. }
14.  
15. private static final String[] PUBLIC_MATCHERS= {
16. "/css/**",
17. "/js/**",
18. "/image/**",
19. "/book/**",
20. "/user/**",
21. };
22.  
23. @Override
24. protected void configure(HttpSecurity http) throws Exception {
25.  
26. http.csrf().disable()
27. .cors().disable().
28. httpBasic().and().
29. authorizeRequests().antMatchers(PUBLIC_MATCHERS).permitAll().anyRequest().authenticated();
30.  
31. }
32.  
33.  
34. @Autowired
35. public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
36. auth.userDetailsService(userSecurityService).passwordEncoder(passwordEncoder());
37. }
38.  
39. }
40.  
41. @Component
42. @Order(Ordered.HIGHEST_PRECEDENCE)
43. public class RequestFilter implements Filter{
44.  
45.  
46. public void doFilter(ServletRequest req ,ServletResponse res,FilterChain chain) {
47.  
48. HttpServletRequest request = (HttpServletRequest)req;
49.  
50. HttpServletResponse response = (HttpServletResponse)res;
51.  
52.  
53. response.setHeader("Access-Control-Allow-Origin","*");
54. response.setHeader("Access-Control-Allow-Methodes","POST,PUT,GET,OPTIONS,DELETE");
55. response.setHeader("Access-Control-Allow-Headers","x-requested-with,x-auth-token");
56. response.setHeader("Access-Control-Allow-Max-Age","3600");
57. response.setHeader("Access-Control-Allow-Credentials","true");
58.  
59.  
60. if(!request.getMethod().equalsIgnoreCase("OPTIONS")){
61. try {
62. chain.doFilter(req, res);
63. } catch (Exception e) {
64. // TODO Auto-generated catch block
65. e.printStackTrace();
66. }
67.  
68. }
69. else {
70. System.out.println("preflight");
71. response.setHeader("Access-Control-Allow-Methodes","POST,GET,DELETE");
72. response.setHeader("Access-Control-Allow-Max-Age","3600");
73. response.setHeader("Access-Control-Allow-Headers","authorization,content-type,x-auth-token,access-control-request-headers,access-control-request-method,accept,origin,x-requested-with");
74. response.setStatus(HttpServletResponse.SC_OK);
75.  
76. }
77.  
78. }
79.  
80. public void init(FilterConfig filterConfig) {
81.  
82. }
83.  
84. public void destroy() {
85.  
86. }
87.  
88.  
89. }
90.  
91. @RequestMapping("/token")
92. public Map<String, String> token(HttpSession session,HttpServletRequest request){
93.  
94. String remoteHost=request.getRemoteHost();
95. int portNumber=request.getRemotePort();
96. System.out.println(remoteHost +":"+portNumber);
97. System.out.println(request.getRemoteAddr());
98. return Collections.singletonMap("token",session.getId());
99. }
100.  
101. @Injectable()
102. export class LoginService {
103.  
104. constructor(private http: HttpClient) {
105.  
106. }
107. sendCredential(username: string, password: string) {
108. let url = "http://localhost:8080/token";
109. let encodedCredentials = btoa(username + ':' + password);
110. let basicHeader = "Basic " + encodedCredentials;
111. let headers=new HttpHeaders({
112. 'Content-Type': 'application/x-www-form-urlencoded',
113. 'Authorization': basicHeader
114. });
115.  
116. return this.http.get(url,{headers:headers});
117.  
118. }
119. }