  1. @EnableGlobalMethodSecurity(prePostEnabled = true)
  2. @Configuration
  3. public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
  4.  
  /**
   * Registers one in-memory account on the injected builder.
   *
   * <p>The user name, password and role are string literals in this class, so the
   * credential is known to anyone who can read the source or the built artifact.
   * NOTE(review): presumably demo-only; confirm this method is never active
   * outside a test setup.
   *
   * @param auth builder that receives the in-memory user
   * @throws Exception propagated from the builder calls
   */
  @Inject
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
      auth.inMemoryAuthentication()
              .withUser("user")
              .password("password")
              .roles("USER");
  }
  9.  
  // Private test implementations so we can explore security without a database.
  // Here every username and password is accepted, so use these beans for experiments only.
  // PasswordEncoder is org.springframework.security.crypto.password.PasswordEncoder.
  /**
   * Supplies a stand-in {@link PasswordEncoder} for experiments without a user database.
   *
   * <p>{@code encode} hands the password back unchanged (no hashing), and
   * {@code matches} answers {@code true} for every pair of arguments, so this
   * encoder never rejects a presented password.
   * NOTE(review): a provider wired to this bean performs no credential check at
   * all; keep it confined to a test-only configuration.
   *
   * @return an encoder that never rejects a password
   */
  @Bean
  public PasswordEncoder passwordEncoder() {
      final PasswordEncoder acceptAll = new PasswordEncoder() {
          @Override
          public String encode(CharSequence rawPassword) {
              // Identity "encoding": the clear-text value is returned as the encoded form.
              return rawPassword.toString();
          }

          @Override
          public boolean matches(CharSequence rawPassword, String encodedPassword) {
              // Neither argument is inspected.
              return true;
          }
      };
      return acceptAll;
  }
  24.  
  /**
   * Supplies a stand-in {@link UserDetailsService} that needs no user store.
   *
   * <p>The lookup ignores the requested name and returns a new {@code User} on
   * every call, so {@link UsernameNotFoundException} is never raised here and
   * every user name resolves to an account.
   * NOTE(review): {@code User} is not shown on this page; presumably a local
   * no-argument {@link UserDetails} implementation. Confirm what it reports for
   * password, authorities and the enabled/locked/expired flags.
   *
   * @return a service that resolves every user name
   */
  @Bean
  public UserDetailsService createUserDetailsService() {
      final UserDetailsService anyUser = new UserDetailsService() {
          @Override
          public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
              // a trivial implementation of UserDetails; the requested name is not used
              return new User();
          }
      };
      return anyUser;
  }
  34.  
  /**
   * Builds a {@link DaoAuthenticationProvider} from the injected collaborators.
   *
   * <p>The provider delegates user lookup to {@code service} and password
   * comparison to {@code encoder}; how strict authentication is depends
   * entirely on those two beans.
   * NOTE(review): {@code @Inject} next to {@code @Bean} is presumably redundant,
   * since the container resolves the parameters of a bean method itself; confirm.
   *
   * @param service source of user records
   * @param encoder password comparison strategy
   * @return the configured provider
   */
  @Bean
  @Inject
  public DaoAuthenticationProvider createDaoAuthenticationProvider(UserDetailsService service, PasswordEncoder encoder) {
      final DaoAuthenticationProvider daoProvider = new DaoAuthenticationProvider();
      daoProvider.setPasswordEncoder(encoder);
      daoProvider.setUserDetailsService(service);
      return daoProvider;
  }
  43.  
  /**
   * Builds an {@link AuthenticationManager} backed by the single injected provider.
   *
   * <p>{@code NopPostProcessor} is not shown on this page; the original comment
   * describes it as a trivial implementation of ObjectPostProcessor.
   *
   * @param provider the only authentication provider registered on the manager
   * @return the built manager
   * @throws Exception propagated from {@code build()}
   */
  @Bean
  @Inject
  public AuthenticationManager authenticationManager(AuthenticationProvider provider) throws Exception {
      // includes a trivial implementation of ObjectPostProcessor
      final AuthenticationManagerBuilder builder =
              new AuthenticationManagerBuilder(new NopPostProcessor());
      final AuthenticationManagerBuilder configured = builder.authenticationProvider(provider);
      return configured.build();
  }
  52.  
  /**
   * Authenticates a user-name/password token against a cached or freshly loaded user record.
   *
   * <p>Flow, as written here: reject any token that is not a
   * {@code UsernamePasswordAuthenticationToken}; look the user up in
   * {@code userCache} and fall back to {@code retrieveUser} on a miss; run the
   * pre-authentication and credential checks; if those fail for a cached record,
   * reload the user once and repeat them; run the post-authentication checks;
   * cache the record if it was freshly loaded; build the success token.
   *
   * <p>The fields and helpers used ({@code messages}, {@code userCache},
   * {@code logger}, {@code retrieveUser}, the check objects,
   * {@code createSuccessAuthentication}) are not defined on this page.
   *
   * @param authentication the presented token
   * @return the token produced by {@code createSuccessAuthentication}
   * @throws AuthenticationException when the lookup or any check rejects the request
   */
  public Authentication authenticate(Authentication authentication) throws AuthenticationException {
      Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
              messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports",
                      "Only UsernamePasswordAuthenticationToken is supported"));

      // Safe after the assertion above; every later use needs the concrete token type.
      final UsernamePasswordAuthenticationToken token =
              (UsernamePasswordAuthenticationToken) authentication;

      // Determine username
      final String name;
      if (authentication.getPrincipal() == null) {
          name = "NONE_PROVIDED";
      } else {
          name = authentication.getName();
      }

      UserDetails account = this.userCache.getUserFromCache(name);
      boolean servedFromCache = (account != null);

      if (!servedFromCache) {
          try {
              account = retrieveUser(name, token);
          } catch (UsernameNotFoundException notFound) {
              // NOTE(review): the caller-supplied name is concatenated into the log message as-is.
              logger.debug("User '" + name + "' not found");

              if (!hideUserNotFoundExceptions) {
                  throw notFound;
              }
              // Same message key as a failed password check, so an unknown user
              // is reported to the caller as bad credentials.
              throw new BadCredentialsException(messages.getMessage(
                      "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
          }

          Assert.notNull(account, "retrieveUser returned null - a violation of the interface contract");
      }

      try {
          preAuthenticationChecks.check(account);
          additionalAuthenticationChecks(account, token);
      } catch (AuthenticationException failure) {
          if (!servedFromCache) {
              throw failure;
          }
          // There was a problem, so try again after checking
          // we're using latest data (i.e. not from the cache)
          servedFromCache = false;
          account = retrieveUser(name, token);
          preAuthenticationChecks.check(account);
          additionalAuthenticationChecks(account, token);
      }

      postAuthenticationChecks.check(account);

      // Only records that were loaded during this call are written to the cache.
      if (!servedFromCache) {
          this.userCache.putUserInCache(account);
      }

      final Object principal = forcePrincipalAsString ? account.getUsername() : account;

      return createSuccessAuthentication(principal, authentication, account);
  }
  113.  
  /**
   * Verifies the presented password against the stored one for an already loaded user.
   *
   * <p>Missing credentials and a non-matching password both end in a
   * {@link BadCredentialsException} built from the same message key; the debug
   * log lines state the reason but do not include the password.
   *
   * <p>The {@code passwordEncoder} used here exposes
   * {@code isPasswordValid(stored, presented, salt)}, which is a different
   * contract from the two-argument {@code matches} implemented by the
   * {@code PasswordEncoder} bean earlier on this page.
   * NOTE(review): presumably the deprecated salt-based encoder API, given the
   * suppressed deprecation warning; confirm.
   *
   * @param userDetails the loaded user record holding the stored password
   * @param authentication the presented token
   * @throws AuthenticationException when credentials are absent or do not match
   */
  @SuppressWarnings("deprecation")
  protected void additionalAuthenticationChecks(UserDetails userDetails,
          UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
      // A salt is requested only when a salt source is configured.
      final Object salt = (this.saltSource == null) ? null : this.saltSource.getSalt(userDetails);

      if (authentication.getCredentials() == null) {
          logger.debug("Authentication failed: no credentials provided");

          throw new BadCredentialsException(messages.getMessage(
                  "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), userDetails);
      }

      final String supplied = authentication.getCredentials().toString();
      final boolean accepted = passwordEncoder.isPasswordValid(userDetails.getPassword(), supplied, salt);
      if (accepted) {
          return;
      }

      logger.debug("Authentication failed: password does not match stored value");

      throw new BadCredentialsException(messages.getMessage(
              "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), userDetails);
  }
  139.  
  140. @Bean
  141. public PasswordEncoder passwordEncoder() { ... }
  142.  
  143. @Bean
  144. public UserDetailsService userDetailsService() { ... }
  145.  
  /**
   * Builds a {@link DaoAuthenticationProvider} from this configuration's own bean methods.
   *
   * <p>The collaborators come from direct calls to {@code userDetailsService()}
   * and {@code passwordEncoder()}, whose bodies are elided on this page.
   * NOTE(review): inside a {@code @Configuration} class these calls presumably
   * return the shared bean instances rather than new objects; confirm.
   *
   * @return the configured provider
   */
  @Bean
  public DaoAuthenticationProvider daoAuthenticationProvider() {
      final DaoAuthenticationProvider daoProvider = new DaoAuthenticationProvider();
      daoProvider.setUserDetailsService(this.userDetailsService());
      daoProvider.setPasswordEncoder(this.passwordEncoder());
      return daoProvider;
  }
  153.  
  /**
   * Builds an {@link AuthenticationManager} whose only provider is
   * {@code daoAuthenticationProvider()}.
   *
   * <p>{@code NopPostProcessor} is not shown on this page.
   *
   * @return the built manager
   * @throws Exception propagated from {@code build()}
   */
  @Bean
  public AuthenticationManager authenticationManager() throws Exception {
      final AuthenticationManagerBuilder builder =
              new AuthenticationManagerBuilder(new NopPostProcessor());
      final AuthenticationManagerBuilder configured =
              builder.authenticationProvider(this.daoAuthenticationProvider());
      return configured.build();
  }
  160.  
  161. auth.userDetailsService(this.userDetailsService())