- @EnableWebSecurity
- public class SecurityConfig extends WebSecurityConfigurerAdapter {
- @Configuration
- @Order(1)
- public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
- @Autowired CommonApplicationProperties commonProperties;
- @Autowired DashboardApplicationProperties applicationProperties;
- @Autowired
- private CustomAuthenticationProvider authProvider;
/**
 * Registers the injected {@code CustomAuthenticationProvider} as the provider that
 * authenticates requests for this adapter.
 *
 * @param auth builder of the authentication manager used by this adapter
 * @throws Exception declared by the overridden method
 */
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(this.authProvider);
}
/**
 * Excludes the static-resource prefixes from Spring Security processing.
 *
 * <p>Paths registered through {@code web.ignoring()} skip the security filter chain
 * entirely: no authentication or authorization is applied to them, and none of the
 * response headers configured on {@code HttpSecurity} (including the
 * Content-Security-Policy) are written for them.
 *
 * <p>NOTE(review): confirm that nothing user-specific or sensitive is served under these
 * prefixes. If the security headers are wanted on these responses, {@code permitAll()} on
 * the {@code HttpSecurity} chain keeps them, whereas ignoring the paths does not.
 *
 * @param web the web-level security builder
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(WebSecurity web) throws Exception {
    final String[] unsecuredPaths = {"/app/**", "/assets/**", "/webjars/**"};
    web.ignoring().antMatchers(unsecuredPaths);
}
/**
 * Configures the stateless, token-based filter chain of this adapter: CSRF, HTTP Basic and
 * form login are switched off, the two token filters are added, a Content-Security-Policy
 * header is set, and every request except single-segment paths ({@code /*}) must be
 * authenticated.
 *
 * <p>Review notes:
 * <ul>
 *   <li>No {@code requestMatchers()}/{@code antMatcher()} restriction is set, so this chain
 *       applies to every request that is not ignored. NOTE(review): at {@code @Order(1)}
 *       this appears to shadow the {@code @Order(2)} adapter in this file, whose
 *       configuration would then never be consulted. Confirm, and scope this chain to the
 *       API prefix if that is the intent.</li>
 *   <li>Disabling CSRF protection is only safe when the browser does not attach the
 *       credential automatically. NOTE(review): confirm the token filters read the token
 *       from a request header rather than a cookie.</li>
 *   <li>{@code antMatchers("/*").permitAll()} opens every top-level path, not only the
 *       landing page. Any endpoint later mapped directly under {@code /} becomes
 *       unauthenticated by default, so an explicit allow-list is easier to audit.</li>
 *   <li>The policy allows {@code 'unsafe-eval'} for scripts and {@code 'unsafe-inline'}
 *       for styles, which weakens the CSP as an XSS mitigation. Drop them once the
 *       front-end build no longer needs them.</li>
 * </ul>
 *
 * @param http the HTTP security builder for this chain
 * @throws Exception declared by the overridden method
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final String contentSecurityPolicy =
            "default-src 'none'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;";

    // Token authentication only: no CSRF tokens, no server-side session, no Basic/form login.
    http.csrf().disable();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.httpBasic().disable();
    http.formLogin().disable();

    http.logout()
            .logoutSuccessHandler(new CustomLogoutSuccessHandler(applicationProperties))
            .deleteCookies("JSESSIONID");

    // Both filters receive the token secret from the common properties; keep it out of logs.
    http.addFilter(new TokenBasedAuthenticationFilter(
            authenticationManager(), applicationProperties, commonProperties.getAuthTokenSecret()));
    http.addFilter(new TokenBasedAuthorizationFilter(
            authenticationManager(), applicationProperties, commonProperties.getAuthTokenSecret()));

    http.headers().contentSecurityPolicy(contentSecurityPolicy);

    http.authorizeRequests()
            .antMatchers("/*").permitAll()
            .anyRequest().authenticated();
}
- @Order(2)
- @Configuration
- public static class DashboardSecurityAdapter extends WebSecurityConfigurerAdapter {
- @Autowired DashboardApplicationProperties applicationProperties;
- @Autowired CommonApplicationProperties commonProperties;
/**
 * Configures the filter chain for the dashboard pages and assets ({@code /assets/**} and
 * single-segment paths): CSRF, HTTP Basic and form login are switched off and a
 * Content-Security-Policy header is set.
 *
 * <p>Review notes:
 * <ul>
 *   <li>No {@code authorizeRequests()} rules are declared here, so this chain itself places
 *       no access restriction on the paths it matches.</li>
 *   <li>NOTE(review): {@code /assets/**} is also listed under {@code web.ignoring()} in the
 *       other adapter of this file. Ignored paths bypass every chain, so the CSP header set
 *       here would not reach asset responses. Confirm which behaviour is intended.</li>
 *   <li>The policy allows {@code 'unsafe-eval'} for scripts and {@code 'unsafe-inline'}
 *       for styles, which weakens the CSP as an XSS mitigation.</li>
 * </ul>
 *
 * @param http the HTTP security builder for this chain
 * @throws Exception declared by the overridden method
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final String contentSecurityPolicy =
            "default-src 'none'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;";

    System.out.println("Dashboard Login Enable");

    http.csrf().disable();
    // Restrict this chain to the dashboard's static assets and top-level pages.
    http.requestMatchers().antMatchers("/assets/**", "/*");
    http.httpBasic().disable();
    http.formLogin().disable();

    http.headers().contentSecurityPolicy(contentSecurityPolicy);
}
- }