
Untitled

a guest
Jul 16th, 2019
  1. @EnableWebSecurity
  2. public class SecurityConfig extends WebSecurityConfigurerAdapter {
  3.  
  4. @Configuration
  5. @Order(1)
  6. public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
  7.  
  // Injected property holders: configure(HttpSecurity) reads the auth-token secret from
  // commonProperties and hands applicationProperties to the custom filters and logout handler.
  @Autowired
  CommonApplicationProperties commonProperties;

  @Autowired
  DashboardApplicationProperties applicationProperties;

  // Provider that configure(AuthenticationManagerBuilder) registers for this adapter.
  @Autowired
  private CustomAuthenticationProvider authProvider;
  13.  
  /**
   * Registers the injected {@link CustomAuthenticationProvider} with the builder, so the
   * authentication manager of this adapter delegates credential checks to it.
   *
   * @param auth builder for this adapter's authentication manager
   * @throws Exception declared by the overridden method
   */
  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
      auth.authenticationProvider(this.authProvider);
  }
  18.  
  /**
   * Excludes the static-resource prefixes from Spring Security.
   *
   * <p>Requests matching an ignored pattern skip the security filter chain altogether: no
   * authentication runs for them, and headers that Spring Security would write (including
   * the Content-Security-Policy set in this class) are not added to their responses.
   *
   * <p>NOTE(review): confirm that only public static files are served under these prefixes.
   * Mapping them with {@code permitAll()} in the HttpSecurity rules instead would keep the
   * security headers on those responses.
   *
   * @param web the shared web-security builder
   * @throws Exception declared by the overridden method
   */
  @Override
  public void configure(WebSecurity web) throws Exception {
      final String[] unsecuredPatterns = {
          "/app/**",
          "/assets/**",
          "/webjars/**"
      };
      web.ignoring().antMatchers(unsecuredPatterns);
  }
  27.  
  28.  
  29.  
  /**
   * Builds the stateless, token-based security chain of this adapter.
   *
   * <p>CSRF protection, HTTP Basic and form login are switched off, no HTTP session is
   * created, and two custom token filters are added. Single-segment root paths are public;
   * every other request must be authenticated.
   *
   * <p>NOTE(review): this chain declares no request matcher, so it applies to every request
   * that is not ignored. With {@code @Order(1)} on the enclosing adapter, a lower-priority
   * chain in this file would presumably never be selected; verify against the running
   * filter-chain list.
   *
   * @param http the HTTP security builder for this chain
   * @throws Exception declared by the overridden method
   */
  @Override
  protected void configure(HttpSecurity http) throws Exception {
      // Byte-for-byte the policy sent to browsers. 'unsafe-eval' (scripts) and
      // 'unsafe-inline' (styles) relax the otherwise strict default-src 'none' baseline.
      // NOTE(review): drop them if the front-end build no longer needs them.
      final String contentSecurityPolicy =
          "default-src 'none'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;";

      // Disabling CSRF is only safe when the auth token is sent in a way browsers do not
      // attach automatically (e.g. a request header). The token filters are not visible
      // here. NOTE(review): confirm the token is not carried in a cookie.
      http.csrf().disable();

      // STATELESS: Spring Security neither creates nor consults an HttpSession.
      http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

      http.httpBasic().disable();
      http.formLogin().disable();

      http.logout()
          .logoutSuccessHandler(new CustomLogoutSuccessHandler(applicationProperties))
          .deleteCookies("JSESSIONID");

      // Both filters receive the auth-token secret from CommonApplicationProperties.
      // NOTE(review): keep that property out of version control and out of log output.
      TokenBasedAuthenticationFilter authenticationFilter = new TokenBasedAuthenticationFilter(
          authenticationManager(), applicationProperties, commonProperties.getAuthTokenSecret());
      http.addFilter(authenticationFilter);

      TokenBasedAuthorizationFilter authorizationFilter = new TokenBasedAuthorizationFilter(
          authenticationManager(), applicationProperties, commonProperties.getAuthTokenSecret());
      http.addFilter(authorizationFilter);

      http.headers().contentSecurityPolicy(contentSecurityPolicy);

      // "/*" matches every path with exactly one segment below the root (an Ant '*' does
      // not cross '/'), so any endpoint mapped at that level is reachable without
      // authentication. NOTE(review): check that no API or management endpoint lives there.
      http.authorizeRequests()
          .antMatchers("/*").permitAll()
          .anyRequest().authenticated();
  }
  54.  
  /**
   * Second security chain (order 2), restricted to {@code /assets/**} and single-segment
   * root paths. It disables CSRF protection, HTTP Basic and form login, and sets a
   * Content-Security-Policy header. It declares no {@code authorizeRequests()} rules, so
   * this chain itself imposes no access restriction on the paths it matches.
   *
   * <p>NOTE(review): the {@code @Order(1)} adapter in this file declares no request matcher
   * and therefore appears to match every request first, and {@code /assets/**} is also
   * listed under {@code web.ignoring()}. Confirm that this chain is ever selected; if it is
   * not, the settings below have no effect.
   */
  @Configuration
  @Order(2)
  public static class DashboardSecurityAdapter extends WebSecurityConfigurerAdapter {

      @Autowired
      DashboardApplicationProperties applicationProperties;

      @Autowired
      CommonApplicationProperties commonProperties;

      /**
       * Configures the dashboard chain: request matchers, disabled login mechanisms and the
       * Content-Security-Policy header.
       *
       * @param http the HTTP security builder for this chain
       * @throws Exception declared by the overridden method
       */
      @Override
      protected void configure(HttpSecurity http) throws Exception {
          // Same policy string as the API chain; 'unsafe-eval' and 'unsafe-inline' weaken it.
          final String contentSecurityPolicy =
              "default-src 'none'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;";

          // Written to stdout when the configuration is built.
          // NOTE(review): route this through the application's logger instead.
          System.out.println("Dashboard Login Enable");

          http.csrf().disable();

          // Limits this chain to static assets and single-segment root paths.
          http.requestMatchers().antMatchers("/assets/**", "/*");

          http.httpBasic().disable();
          http.formLogin().disable();

          http.headers().contentSecurityPolicy(contentSecurityPolicy);
      }
  }