Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @EnableGlobalMethodSecurity(prePostEnabled = true)
- @Configuration
- public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
- @Inject
- public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
- auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
- }
- // private test implementations so we can explore security without a database
- // here all usernames and passwords are valid
- // org.springframework.security.crypto.password.PasswordEncoder
- @Bean
- public PasswordEncoder passwordEncoder() {
- return new PasswordEncoder() {
- @Override public String encode(CharSequence cs) {
- return cs.toString();
- }
- @Override public boolean matches(CharSequence cs, String string) {
- return true;
- }
- };
- }
- @Bean
- public UserDetailsService createUserDetailsService() {
- return new UserDetailsService() {
- @Override
- public UserDetails loadUserByUsername(String string) throws UsernameNotFoundException {
- return new User(); // a trivial implementation of UserDetails
- }
- };
- }
- @Bean
- @Inject
- public DaoAuthenticationProvider createDaoAuthenticationProvider(UserDetailsService service, PasswordEncoder encoder) {
- DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
- provider.setUserDetailsService(service);
- provider.setPasswordEncoder(encoder);
- return provider;
- }
- @Bean
- @Inject
- public AuthenticationManager authenticationManager(AuthenticationProvider provider) throws Exception {
- // includes a trivial implementation of ObjectPostProcessor
- return new AuthenticationManagerBuilder(new NopPostProcessor())
- .authenticationProvider(provider)
- .build();
- }
- public Authentication authenticate(Authentication authentication) throws AuthenticationException {
- Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
- messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports",
- "Only UsernamePasswordAuthenticationToken is supported"));
- // Determine username
- String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
- boolean cacheWasUsed = true;
- UserDetails user = this.userCache.getUserFromCache(username);
- if (user == null) {
- cacheWasUsed = false;
- try {
- user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
- } catch (UsernameNotFoundException notFound) {
- logger.debug("User '" + username + "' not found");
- if (hideUserNotFoundExceptions) {
- throw new BadCredentialsException(messages.getMessage(
- "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
- } else {
- throw notFound;
- }
- }
- Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
- }
- try {
- preAuthenticationChecks.check(user);
- additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
- } catch (AuthenticationException exception) {
- if (cacheWasUsed) {
- // There was a problem, so try again after checking
- // we're using latest data (i.e. not from the cache)
- cacheWasUsed = false;
- user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
- preAuthenticationChecks.check(user);
- additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
- } else {
- throw exception;
- }
- }
- postAuthenticationChecks.check(user);
- if (!cacheWasUsed) {
- this.userCache.putUserInCache(user);
- }
- Object principalToReturn = user;
- if (forcePrincipalAsString) {
- principalToReturn = user.getUsername();
- }
- return createSuccessAuthentication(principalToReturn, authentication, user);
- }
- @SuppressWarnings("deprecation")
- protected void additionalAuthenticationChecks(UserDetails userDetails,
- UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
- Object salt = null;
- if (this.saltSource != null) {
- salt = this.saltSource.getSalt(userDetails);
- }
- if (authentication.getCredentials() == null) {
- logger.debug("Authentication failed: no credentials provided");
- throw new BadCredentialsException(messages.getMessage(
- "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), userDetails);
- }
- String presentedPassword = authentication.getCredentials().toString();
- if (!passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword, salt)) {
- logger.debug("Authentication failed: password does not match stored value");
- throw new BadCredentialsException(messages.getMessage(
- "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), userDetails);
- }
- }
- @Bean
- public PasswordEncoder passwordEncoder() { ... }
- @Bean
- public UserDetailsService userDetailsService() { ... }
- @Bean
- public DaoAuthenticationProvider daoAuthenticationProvider() {
- DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
- provider.setUserDetailsService(this.userDetailsService());
- provider.setPasswordEncoder(this.passwordEncoder());
- return provider;
- }
- @Bean
- public AuthenticationManager authenticationManager() throws Exception {
- return new AuthenticationManagerBuilder(new NopPostProcessor())
- .authenticationProvider(this.daoAuthenticationProvider())
- .build();
- }
- auth.userDetailsService(this.userDetailsService())
Add Comment
Please, Sign In to add comment