  1. package com.company.config;
  2. import org.springframework.beans.factory.annotation.Autowired;
  3. import org.springframework.beans.factory.annotation.Qualifier;
  4. import org.springframework.context.annotation.Bean;
  5. import org.springframework.context.annotation.Configuration;
  6. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  7. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  8. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  9. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  10. import org.springframework.security.core.userdetails.UserDetailsService;
  11. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  12. import org.springframework.security.crypto.password.PasswordEncoder;
  13.  
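  /**
   * Spring Security setup for the web application: wires the custom
   * {@link UserDetailsService} with a BCrypt password encoder and declares the
   * URL access rules, form login, access-denied page and logout endpoint.
   */
  @Configuration
  @EnableWebSecurity
  public class AppSecurityConfig extends WebSecurityConfigurerAdapter {

      // Injected by bean name; the matching bean is expected to be registered as "userDetailsService".
      @Autowired
      @Qualifier("userDetailsService")
      UserDetailsService userDetailsService;

      /**
       * Registers the user lookup service and the password encoder with the
       * authentication manager.
       *
       * @param auth builder supplied by Spring Security
       * @throws Exception if the builder rejects the configuration
       */
      @Autowired
      public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
          auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
      }

      /**
       * Password encoder used to verify submitted passwords against stored hashes.
       * Because BCrypt is configured here, stored passwords must be BCrypt hashes.
       *
       * @return a BCrypt encoder with the library's default strength
       */
      @Bean
      public PasswordEncoder passwordEncoder() {
          return new BCryptPasswordEncoder();
      }

      /**
       * Declares which roles may reach which URL patterns and configures form
       * login, the access-denied page and logout.
       *
       * @param http the security builder to configure
       * @throws Exception if the builder rejects the configuration
       */
      @Override
      protected void configure(HttpSecurity http) throws Exception {

          http.authorizeRequests()
                  // Ant patterns are compared with a request path that begins with "/".
                  // A pattern without the leading slash ("**/admin/**") does not match
                  // such a path, so the rule would never apply and the area would stay
                  // open. The leading "/" makes the admin and user rules effective.
                  .antMatchers("/**/admin/**").access("hasAnyRole('ROLE_ADMIN','ROLE_SUPERADMIN')")
                  .antMatchers("/superadmin/**").access("hasRole('ROLE_SUPERADMIN')")
                  .antMatchers("/**/user/**").access("hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_SUPERADMIN')")
                  .antMatchers("/resources/**").permitAll()
                  .antMatchers("/messages/**").permitAll()
                  // NOTE(review): there is no anyRequest() rule, so every URL not matched
                  // above is reachable without authentication. Consider ending the list
                  // with .anyRequest().authenticated() once the public pages are known.
                  .and()
              .formLogin()
                  .loginPage("/login")
                  .usernameParameter("username")
                  .passwordParameter("password")
                  .defaultSuccessUrl("/user/home")
                  // Failed logins land on the same page as access-denied errors.
                  .failureUrl("/403")
                  .permitAll()
                  .and()
              .exceptionHandling().accessDeniedPage("/403")
                  .and()
              .logout().logoutUrl("/logout")
                  .and()
              // NOTE(review): CSRF protection is switched off for the whole application,
              // including the session-based login and logout. Left as in the original
              // because enabling it requires every state-changing form to send the CSRF
              // token; re-enable it once the views include the token.
              .csrf().disable();
      }
  }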
  59.  
  60. package com.company.service.impl;
  61.  
  62. import java.util.ArrayList;
  63. import java.util.HashSet;
  64. import java.util.List;
  65. import java.util.Set;
  66.  
  67. import org.springframework.beans.factory.annotation.Autowired;
  68. import org.springframework.security.core.GrantedAuthority;
  69. import org.springframework.security.core.authority.SimpleGrantedAuthority;
  70. import org.springframework.security.core.userdetails.User;
  71. import org.springframework.security.core.userdetails.UserDetails;
  72. import org.springframework.security.core.userdetails.UserDetailsService;
  73. import org.springframework.security.core.userdetails.UsernameNotFoundException;
  74. import org.springframework.stereotype.Service;
  75. import org.springframework.transaction.annotation.Transactional;
  76.  
  77. import com.company.dao.UsuarioDao;
  78. import com.company.model.UserRole;
  79. import com.company.model.Usuario;
  80.  
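  /**
   * {@link UserDetailsService} backed by {@code UsuarioDao}: loads the account
   * for a login name and converts it, with its roles, into the Spring Security
   * {@link User} used for authentication.
   */
  @Service("userDetailsService")
  public class MyUserDetailsService implements UserDetailsService {

      @Autowired
      private UsuarioDao usuarioDao;

      /**
       * Looks up the account whose key equals the submitted login name.
       *
       * @param username login name submitted by the client
       * @return the user details Spring Security authenticates against
       * @throws UsernameNotFoundException if the DAO returns no account
       */
      @Override
      @Transactional(readOnly = true)
      public UserDetails loadUserByUsername(String username)
              throws UsernameNotFoundException {

          Usuario usuario = usuarioDao.findByChave(username);
          if (usuario == null) {
              // The UserDetailsService contract requires this exception for an unknown
              // account; dereferencing null would surface as a NullPointerException
              // instead. The submitted name is not echoed into the message.
              throw new UsernameNotFoundException("User not found");
          }

          List<GrantedAuthority> authorities = buildUserAuthority(usuario.getUserRole());
          return buildUserForAuthentication(usuario, authorities);
      }

      /**
       * Builds the Spring Security user from the stored account.
       *
       * @param user        account loaded from the DAO
       * @param authorities authorities derived from the account's roles
       * @return the user with the enabled flag taken from the account; the
       *         non-expired, credentials-non-expired and non-locked flags are
       *         always {@code true}
       */
      private User buildUserForAuthentication(Usuario user,
              List<GrantedAuthority> authorities) {

          /*
           * The original listing printed the user here while debugging; the output it
           * recorded ended with "Not granted any authorities", i.e. the role set that
           * reached this method was empty. The print is dropped so that account names
           * and account state are not written to stdout on every login attempt.
           */
          return new User(user.getUsername(), user.getPassword(),
                  user.isEnabled(), true, true, true, authorities);
      }

      /**
       * Converts the account's roles into granted authorities, dropping duplicates.
       *
       * @param userRoles roles attached to the account; {@code null} is treated as
       *                  no roles
       * @return one authority per distinct role name, in no particular order
       */
      private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {

          Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();

          if (userRoles != null) {
              // presumably getRole() returns names carrying the ROLE_ prefix that the
              // access rules check for - confirm against the stored data
              for (UserRole userRole : userRoles) {
                  setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
              }
          }

          return new ArrayList<GrantedAuthority>(setAuths);
      }

  }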