
Untitled

a guest Jul 16th, 2019 58 Never
  1. @EnableWebSecurity
  2. public class SecurityConfig extends WebSecurityConfigurerAdapter {
  3.  
  4.      @Configuration
  5.         @Order(1)                                                        
  6.         public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
  7.  
  8.             @Autowired CommonApplicationProperties commonProperties;
  9.             @Autowired DashboardApplicationProperties applicationProperties;
  10.  
  11.             @Autowired
  12.             private CustomAuthenticationProvider authProvider;
  13.  
        /**
         * Registers the injected {@code authProvider} as the authentication provider
         * on the supplied builder.
         *
         * @param auth builder for the authentication manager used by this adapter
         * @throws Exception declared by the overridden method
         */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // Credential checking is delegated to CustomAuthenticationProvider, which is
            // not part of this listing.
            auth.authenticationProvider(this.authProvider);
        }
  18.  
        /**
         * Tells Spring Security to ignore requests under {@code /app/**},
         * {@code /assets/**} and {@code /webjars/**}.
         *
         * <p>Ignored requests skip the security filter chain completely: no
         * authentication, no authorization rules, and none of the response headers
         * configured through {@code HttpSecurity.headers()} are applied to them.
         *
         * @param web the WebSecurity whose ignore list is extended
         * @throws Exception declared by the overridden method
         */
        @Override
        public void configure(WebSecurity web) throws Exception {
            // NOTE(review): the Content-Security-Policy set in configure(HttpSecurity) is
            // therefore not sent for these paths. Confirm that they serve static files only;
            // permitAll() in the HttpSecurity rules would allow anonymous access while
            // keeping the security headers.
            final String[] unsecuredPatterns = {"/app/**", "/assets/**", "/webjars/**"};
            web.ignoring().antMatchers(unsecuredPatterns);
        }
  27.  
  28.  
  29.  
        /**
         * Configures HTTP security for this adapter: CSRF protection off, stateless
         * session policy, HTTP Basic and form login off, a custom logout success
         * handler, the two token filters, a Content-Security-Policy header, and the
         * authorization rules.
         *
         * @param http the HttpSecurity to configure
         * @throws Exception declared by the overridden method
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // NOTE(review): no requestMatchers() is declared here, so this chain is not
            // restricted to a path prefix. With @Order(1) it is consulted before the
            // @Order(2) adapter; confirm that the later adapter is ever selected.

            // CSRF protection is switched off. That is only sound when the auth token is
            // not attached automatically by the browser (for example a request header
            // rather than a cookie); how the token travels is not visible here, so verify.
            http.csrf().disable();

            http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

            http.httpBasic().disable();
            http.formLogin().disable();

            // With the STATELESS policy Spring Security does not create a session itself,
            // so deleting JSESSIONID only matters if something else issued that cookie.
            http.logout()
                    .logoutSuccessHandler(new CustomLogoutSuccessHandler(applicationProperties))
                    .deleteCookies("JSESSIONID");

            // Both filters receive the token secret from commonProperties; it should
            // come from protected configuration and never be written to logs.
            http.addFilter(new TokenBasedAuthenticationFilter(
                    authenticationManager(), applicationProperties, commonProperties.getAuthTokenSecret()));
            http.addFilter(new TokenBasedAuthorizationFilter(
                    authenticationManager(), applicationProperties, commonProperties.getAuthTokenSecret()));

            // 'unsafe-eval' in script-src and 'unsafe-inline' in style-src weaken the
            // policy: eval-style script execution and inline styles stay permitted.
            http.headers().contentSecurityPolicy(
                    "default-src 'none'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;");

            // "/*" matches every single-segment path, so each top-level URL is public;
            // everything else requires an authenticated request.
            http.authorizeRequests()
                    .antMatchers("/*").permitAll()
                    .anyRequest().authenticated();
        }
  54.  
    /**
     * Second security adapter ({@code @Order(2)}), limited to {@code /assets/**} and
     * single-segment paths ({@code /*}).
     *
     * <p>It disables CSRF protection, HTTP Basic and form login, and sets a
     * Content-Security-Policy header. It declares no {@code authorizeRequests()}
     * rules, so requests handled by this chain are not required to authenticate.
     *
     * <p>NOTE(review): the {@code @Order(1)} adapter earlier in this listing declares no
     * {@code requestMatchers()}, and {@code /assets/**} is also on the
     * {@code web.ignoring()} list; confirm that this chain is selected for any request.
     */
    @Configuration
    @Order(2)
    public static class DashboardSecurityAdapter extends WebSecurityConfigurerAdapter {

        @Autowired DashboardApplicationProperties applicationProperties;
        @Autowired CommonApplicationProperties commonProperties;

        /**
         * Applies the dashboard settings to the matched paths.
         *
         * @param http the HttpSecurity to configure
         * @throws Exception declared by the overridden method
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Writes straight to standard output; a logger would let this be filtered
            // and routed like the rest of the application's messages.
            System.out.println("Dashboard Login Enable");

            http.csrf().disable();

            // Restrict this chain to the asset tree and top-level paths.
            http.requestMatchers().antMatchers("/assets/**", "/*");

            http.httpBasic().disable();
            http.formLogin().disable();

            // 'unsafe-eval' and 'unsafe-inline' loosen the policy; see whether the
            // front end can run without them.
            final String policy =
                    "default-src 'none'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;";
            http.headers().contentSecurityPolicy(policy);
        }
    }