
Untitled

a guest
Aug 2nd, 2016
  /**
   * Spring Security setup for the web application.
   *
   * <p>Wires BCrypt-backed authentication against {@code UserService}, form
   * login/logout, single-session concurrency control, a custom CSRF matcher,
   * and proxy-based method security with pre/post annotations enabled.
   */
  @Configuration
  @EnableWebMvcSecurity
  @EnableGlobalMethodSecurity(
          prePostEnabled = true,
          order = 0,
          mode = AdviceMode.PROXY,
          proxyTargetClass = false
  )
  public class SecurityConfiguration extends WebSecurityConfigurerAdapter
  {
      // Source of user details for authentication; injected by the container.
      @Inject UserService userService;

      /**
       * Exposes the registry that tracks active sessions per principal.
       *
       * @return a new in-memory {@code SessionRegistryImpl}
       */
      @Bean
      protected SessionRegistry sessionRegistryImpl()
      {
          return new SessionRegistryImpl();
      }

      /**
       * Publishes the adapter's {@code AuthenticationManager} as a bean so other
       * components can inject it.
       *
       * @return the manager produced by the superclass
       * @throws Exception if the superclass cannot build the manager
       */
      @Bean
      @Override
      public AuthenticationManager authenticationManagerBean() throws Exception
      {
          return super.authenticationManagerBean();
      }

      /**
       * Configures how credentials are verified: users come from
       * {@code userService}, stored password hashes are checked with BCrypt, and
       * credentials are erased from the authentication once it has succeeded.
       *
       * @param builder the authentication manager builder supplied by Spring
       * @throws Exception if the builder rejects the configuration
       */
      @Override
      protected void configure(AuthenticationManagerBuilder builder)
              throws Exception
      {
          builder
                  .userDetailsService(this.userService)
                  .passwordEncoder(new BCryptPasswordEncoder());

          // Do not keep the submitted password on the Authentication object.
          builder.eraseCredentials(true);
      }

      /**
       * Excludes static assets from the security filter chain.
       *
       * <p>Requests matching these patterns skip every security filter, so only
       * public, static content should ever live under them.
       *
       * @param security the web security builder supplied by Spring
       */
      @Override
      public void configure(WebSecurity security)
      {
          security.ignoring().antMatchers("/resources/**", "/favicon.ico");
      }

      /**
       * Configures URL authorization, form login, logout, session management
       * and CSRF protection for every request that reaches the filter chain.
       *
       * @param security the HTTP security builder supplied by Spring
       * @throws Exception if any configurer rejects the configuration
       */
      @Override
      protected void configure(HttpSecurity security) throws Exception
      {
          // Authorization: the session list needs a dedicated authority; every
          // other URL only requires an authenticated user.
          security
                  .authorizeRequests()
                  .antMatchers("/session/list")
                  .hasAuthority("VIEW_USER_SESSIONS")
                  .anyRequest().authenticated();

          // Form login: the login page and its processing URL are open to all.
          security
                  .formLogin()
                  .loginPage("/login").failureUrl("/login?loginFailed")
                  .defaultSuccessUrl("/content/list")
                  .usernameParameter("username")
                  .passwordParameter("password")
                  .permitAll();

          // Logout: drop the server-side session and the session cookie.
          security
                  .logout()
                  .logoutUrl("/logout").logoutSuccessUrl("/login?loggedOut")
                  .invalidateHttpSession(true).deleteCookies("JSESSIONID")
                  .permitAll();

          // Sessions: issue a new session id on login (session-fixation defence)
          // and allow one session per user, rejecting a second login rather than
          // expiring the first.
          // NOTE(review): the registry only forgets a session when it is told the
          // session ended; confirm an HttpSessionEventPublisher listener is
          // registered, otherwise a user whose session timed out may be unable to
          // log in again.
          // The registry is obtained through the @Bean method of this
          // @Configuration class, so it is expected to be the shared bean instance.
          security
                  .sessionManagement()
                  .sessionFixation().changeSessionId()
                  .maximumSessions(1).maxSessionsPreventsLogin(true)
                  .sessionRegistry(this.sessionRegistryImpl());

          // CSRF: a token is required for POST/PUT/DELETE/PATCH, except when the
          // servlet path starts with "/services/".
          // NOTE(review): in this configuration "/services/" is still covered by
          // anyRequest().authenticated() and the session-based login above. Confirm
          // those endpoints are authenticated by something other than the session
          // cookie (or by a separate security configuration); if the cookie is
          // accepted there, state-changing calls are not protected against
          // cross-site request forgery.
          // NOTE(review): the exemption is keyed on getServletPath(), whose value
          // depends on the servlet mapping - verify it matches the intended URLs.
          security
                  .csrf()
                  .requireCsrfProtectionMatcher(request ->
                  {
                      String verb = request.getMethod();
                      if (request.getServletPath().startsWith("/services/"))
                      {
                          return false;
                      }
                      return "POST".equals(verb) || "PUT".equals(verb) ||
                              "DELETE".equals(verb) || "PATCH".equals(verb);
                  });
      }
  }
  73.  
  /**
   * Serves the login page. Credential checking itself is not done here; this
   * controller only renders the form or redirects a user who is already
   * signed in.
   */
  @WebController
  public class AuthenticationController
  {
      /**
       * Shows the login form, or redirects to the content list when the current
       * authentication is already a {@code UserPrincipal}.
       *
       * @param model the view model; receives an empty {@code LoginForm} under
       *              the key {@code "loginForm"} when the form is rendered
       * @return a context-relative redirect to {@code /content/list} for a
       *         signed-in user, otherwise the {@code "login"} view
       */
      @RequestMapping(value = "login", method = RequestMethod.GET)
      public ModelAndView login(Map<String, Object> model)
      {
          Object currentAuthentication =
                  SecurityContextHolder.getContext().getAuthentication();
          boolean alreadySignedIn = currentAuthentication instanceof UserPrincipal;

          if(!alreadySignedIn)
          {
              model.put("loginForm", new LoginForm());
              return new ModelAndView("login");
          }

          // Fixed, context-relative target: nothing from the request influences
          // where the user is sent.
          return new ModelAndView(new RedirectView("/content/list", true, false));
      }

      /**
       * Form-backing bean for the login page.
       *
       * <p>Holds the submitted password as a plain {@code String}; instances
       * should not be logged or serialized.
       */
      public static class LoginForm
      {
          private String username;
          private String password;

          /** @return the user name entered in the form */
          public String getUsername()
          {
              return this.username;
          }

          /** @param username the user name entered in the form */
          public void setUsername(String username)
          {
              this.username = username;
          }

          /** @return the password entered in the form */
          public String getPassword()
          {
              return this.password;
          }

          /** @param password the password entered in the form */
          public void setPassword(String password)
          {
              this.password = password;
          }
      }
  }
  114.  
  /**
   * Lists tickets. Mapped for GET at the empty path and at {@code "list"}
   * (relative to any class-level mapping, which is not visible here).
   *
   * <p>NOTE(review): every ticket returned by the service is placed in the
   * model and no per-user filtering is visible in this method; confirm the
   * service or a method-security rule limits which tickets a caller may see.
   *
   * @param model the view model; receives the tickets under {@code "tickets"}
   * @return the view name {@code "content/list"}
   */
  @RequestMapping(value = {"", "list"}, method = RequestMethod.GET)
  public String list(Map<String, Object> model)
  {
      log.debug("Listing tickets.");

      final Object allTickets = this.ticketService.getAllTickets();
      model.put("tickets", allTickets);

      final String viewName = "content/list";
      return viewName;
  }