@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Paths reachable without a token: login, sign-up and the SockJS/STOMP endpoint (and everything below it). */
    private static final String[] PUBLIC_PATHS = {"/api/v3/auth", "/api/v3/signup", "/api/v3/websocket/**"};

    /** HTTP methods the CORS filter accepts, registered in this order. */
    private static final String[] CORS_METHODS = {"OPTIONS", "GET", "POST", "PUT", "DELETE"};

    private final TokenAuthenticationService tokenAuthenticationService;
    private final ObjectMapper mapper;

    /**
     * @param tokenAuthenticationService resolves request tokens for the token filter
     * @param mapper                     serialises the JSON body written on authentication failure
     */
    @Autowired
    protected SecurityConfig(final TokenAuthenticationService tokenAuthenticationService, ObjectMapper mapper) {
        super();
        this.tokenAuthenticationService = tokenAuthenticationService;
        this.mapper = mapper;
    }

    /**
     * Stateless, token-based HTTP security: a few public paths, everything else authenticated through
     * {@code AuthenticationTokenFilter}, JSON error responses instead of redirects.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // No X-Frame-Options header at all: framing (clickjacking) protection is switched off for every
        // response this application serves, not only the API paths.
        http.headers().frameOptions().disable();

        http.authorizeRequests()
                .antMatchers(PUBLIC_PATHS).permitAll()
                .anyRequest().authenticated();

        // Unauthenticated callers get a JSON body from RestAuthenticationEntryPoint rather than a login redirect.
        http.exceptionHandling().authenticationEntryPoint(new RestAuthenticationEntryPoint(mapper));

        // The token filter runs ahead of form login so that the token, not a session, establishes the principal.
        http.addFilterBefore(new AuthenticationTokenFilter(tokenAuthenticationService),
                UsernamePasswordAuthenticationFilter.class);

        http.cors();

        // CSRF protection is off. That is only safe while AuthenticationTokenFilter reads the token from a
        // request header and never from a cookie — confirm there, and revisit if cookie-based auth is ever added.
        http.csrf().disable();
    }

    /**
     * CORS policy applied to every path.
     * <p>
     * NOTE(review): {@code allowCredentials=true} combined with the {@code "*"} origin lets any origin make
     * credentialed cross-site requests (the request's own origin is echoed back), and recent Spring Framework
     * releases reject this combination outright. Narrow the origins to the real front-ends, or keep {@code "*"}
     * and drop credentials.
     */
    @Bean
    public CorsFilter corsFilter() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        for (String method : CORS_METHODS) {
            config.addAllowedMethod(method);
        }

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
}
  51.  
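@Configuration
@EnableWebSocketMessageBroker
@Order(Ordered.HIGHEST_PRECEDENCE + 50)
public class SocketBrokerConfig implements WebSocketMessageBrokerConfigurer {
    private static final Logger log = LoggerFactory.getLogger(SocketBrokerConfig.class);

    /** STOMP native header read on CONNECT; it carries the API token for this session. */
    private static final String AUTH_TOKEN_HEADER = "x-auth-token";

    private final TokenAuthenticationService authenticationService;

    /**
     * @param authenticationService resolves a raw token to a {@link Principal}; returns {@code null} when the
     *                              token is rejected (that is the only contract this class relies on)
     */
    @Autowired
    public SocketBrokerConfig(TokenAuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    /** Simple in-memory broker on {@code /topic} and {@code /queue}; client sends are routed under {@code /app}. */
    @Override
    public void configureMessageBroker(MessageBrokerRegistry config) {
        config.enableSimpleBroker("/topic", "/queue");
        config.setApplicationDestinationPrefixes("/app");
    }

    /**
     * Registers the SockJS endpoint.
     * <p>
     * Any origin may open the handshake ({@code setAllowedOrigins("*")}), so the token check performed on
     * CONNECT in {@link #configureClientInboundChannel} is what keeps a foreign page out of a session. That is
     * acceptable only while the token never lives in a cookie — consistent with
     * {@code setSessionCookieNeeded(false)} here. Native WebSocket transport is switched off, so SockJS uses its
     * HTTP fallback transports.
     */
    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        log.info("registering websockets");
        registry
                .addEndpoint("/api/v3/websocket")
                .setAllowedOrigins("*")
                .withSockJS()
                .setClientLibraryUrl("https://cdnjs.cloudflare.com/ajax/libs/sockjs-client/1.1.4/sockjs.min.js")
                .setWebSocketEnabled(false)
                .setSessionCookieNeeded(false);
    }

    /**
     * Installs the inbound interceptor that authenticates CONNECT frames and traces session lifecycle.
     * <p>
     * NOTE(review): {@code ChannelInterceptorAdapter} is deprecated in newer Spring Framework releases in
     * favour of the default methods on {@code ChannelInterceptor}.
     */
    @Override
    public void configureClientInboundChannel(ChannelRegistration registration) {
        registration.interceptors(new ChannelInterceptorAdapter() {

            @Override
            public Message<?> preSend(Message<?> message, MessageChannel channel) {
                StompHeaderAccessor accessor =
                        MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
                // getAccessor() returns null when no STOMP accessor is attached to the message;
                // such messages are passed through untouched instead of throwing.
                if (accessor == null) {
                    return message;
                }

                StompCommand command = accessor.getCommand();
                log.info("in override " + command);

                if (StompCommand.CONNECT.equals(command)) {
                    return authenticateConnect(message, accessor);
                }
                if (StompCommand.DISCONNECT.equals(command)) {
                    logDisconnect(accessor);
                }
                return message;
            }

            @Override
            public void postSend(Message<?> message, MessageChannel channel, boolean sent) {
                logStompTransition(StompHeaderAccessor.wrap(message));
            }
        });
    }

    /**
     * Resolves the token carried in the CONNECT frame to a principal and attaches it to the session.
     *
     * @param message  the CONNECT message
     * @param accessor the message's STOMP accessor (mutable at this point, as the original code relied on)
     * @return the message with its user set, or {@code null} to drop the CONNECT when the token is rejected
     */
    private Message<?> authenticateConnect(Message<?> message, StompHeaderAccessor accessor) {
        String authToken = accessor.getFirstNativeHeader(AUTH_TOKEN_HEADER);
        // Log only whether a token was supplied, never the token itself: it is a bearer credential, and
        // writing it to the INFO log turns every log sink into a credential store.
        log.info("Header auth token present: " + (authToken != null));

        Principal principal = authenticationService.getUserFromToken(authToken);
        if (Objects.isNull(principal)) {
            // Returning null discards the frame: the client receives neither CONNECTED nor ERROR and simply
            // times out. Throwing here would typically be turned into an explicit ERROR frame instead.
            return null;
        }
        accessor.setUser(principal);
        return message;
    }

    /** Logs who is leaving on DISCONNECT; falls back to the session id when no Authentication is bound. */
    private void logDisconnect(StompHeaderAccessor accessor) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (Objects.nonNull(authentication)) {
            log.info("Disconnected Auth : " + authentication.getName());
        } else {
            log.info("Disconnected Sess : " + accessor.getSessionId());
        }
    }

    /** Traces CONNECT / CONNECTED / DISCONNECT after a frame was sent; every other command is ignored. */
    private void logStompTransition(StompHeaderAccessor sha) {
        // ignore non-STOMP messages like heartbeat messages
        if (sha.getCommand() == null) {
            log.warn("postSend null command");
            return;
        }

        String sessionId = sha.getSessionId();

        switch (sha.getCommand()) {
            case CONNECT:
                log.info("STOMP Connect [sessionId: " + sessionId + "]");
                break;
            case CONNECTED:
                log.info("STOMP Connected [sessionId: " + sessionId + "]");
                break;
            case DISCONNECT:
                log.info("STOMP Disconnect [sessionId: " + sessionId + "]");
                break;
            default:
                break;
        }
    }
}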
  152.  
@Configuration
public class SocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {

    /**
     * Turns off Spring Security's same-origin (CSRF token) check for inbound STOMP CONNECT frames.
     * <p>
     * Together with {@code setAllowedOrigins("*")} on the SockJS endpoint this lets any page open a STOMP
     * session; the token required on CONNECT is the remaining gate. That holds only while the token is never
     * stored in a cookie, since a cookie would be attached automatically to a request from a hostile page.
     * This class does not override {@code configureInbound}, so no per-destination authorization rules are
     * declared here — confirm that is intended.
     */
    @Override
    protected boolean sameOriginDisabled() {
        // We need to access this directly from apps, so can't do cross-site checks
        return true;
    }
}
  162.  
<!DOCTYPE html>
<!--
  Manual test page for the STOMP-over-SockJS endpoint.
  Flow: POST credentials to /api/v3/auth, open a SockJS connection, pass the returned token in the
  "x-auth-token" STOMP CONNECT header, subscribe to /user/queue/admin and log each message to the console.
-->
<html lang="en">
<head>
    <meta charset="utf-8"/>
    <title>Test</title>
    <!-- Third-party assets below come from public CDNs with no integrity attribute, so a tampered CDN
         response would run unchecked in this page. -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css"/>
</head>
<body>
<nav class="navbar navbar-default">
    <div class="container-fluid">
        <div class="navbar-header">
            <a class="navbar-brand" href="/test/ws">Test Client</a>
        </div>
    </div>
</nav>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script type="text/javascript" src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/stomp.js/2.3.3/stomp.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/sockjs-client/1.1.4/sockjs.min.js"></script>

<script type="application/javascript">
    // Test-only values: a hard-coded private-network host and a hard-coded admin credential pair.
    // Neither belongs in anything deployable; keep this page out of the served static content.
    var endpoint = "http://192.168.0.58:8080/api/v3/auth";
    var login = {username: "admin", password: "password"};

    // Step 1: exchange the credentials for a token.
    $.ajax({
        type: "POST",
        url: endpoint,
        data: JSON.stringify(login),
        headers: {
            'Accept': 'application/json',
            'Content-Type': 'application/json'
        },
        success: function (data) {
            // Step 2: plain http:// transport — the token obtained above and sent below travels unencrypted.
            var socket = new SockJS("http://192.168.0.58:8080/api/v3/websocket/");
            var stompClient = Stomp.over(socket);

            // The token is a STOMP native header, which is what the server's inbound interceptor reads
            // on CONNECT. data.data.token presumes the /auth response is shaped {data: {token: ...}} — verify
            // against the controller.
            var headers = {
                'client-id': 'my-client-id',
                'x-auth-token': data.data.token
            };
            stompClient.connect(headers, function (frame) {
                console.log("Connected ?!");
                console.log(frame);
                // Step 3: user-scoped queue; messages are only logged, never acted on.
                stompClient.subscribe(
                    "/user/queue/admin",
                    function (message) {
                        console.log("Message arrived");
                        console.log(message);
                    }
                );
            });
        }
    });
</script>
</body>
</html>