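  /**
   * Spring Security {@link UserDetailsService} that resolves a login name (an e-mail
   * address) to the stored account and its granted authorities.
   */
  @Service
  @Qualifier("customUserDetailsService")
  public class CustomUserDetailsService implements UserDetailsService {

      @Autowired
      private UserRepository userRepository;

      /**
       * Looks up the account whose e-mail equals {@code username} and converts it into the
       * {@link UserDetails} used for authentication.
       *
       * @param username the login name submitted by the client; treated as an e-mail address
       * @return the account's e-mail, stored password and authorities
       * @throws UsernameNotFoundException if the repository returns no account for that e-mail
       */
      @Transactional(readOnly = true)
      @Override
      public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException {
          // The submitted login name is intentionally not printed: it is attacker-controlled
          // text, and users occasionally type a password into the username field.
          User user = userRepository.findByEmail(username);
          if (user == null) {
              // Without this guard an unknown e-mail fails with a NullPointerException below,
              // which surfaces as an internal error instead of an ordinary failed login and
              // can let a client tell existing accounts from missing ones.
              throw new UsernameNotFoundException("No account matches the supplied login name");
          }

          List<GrantedAuthority> authorities = buildUserAuthority(user.getRoles());
          return buildUserForAuthentication(user, authorities);
      }

      /**
       * Wraps the domain user in Spring Security's own {@code User} implementation.
       *
       * @param user        the domain account supplying e-mail and stored password
       * @param authorities the authorities to attach to the principal
       * @return a Spring Security user keyed by the account's e-mail
       */
      private org.springframework.security.core.userdetails.User buildUserForAuthentication(User user,
              List<GrantedAuthority> authorities) {
          return new org.springframework.security.core.userdetails.User(
                  user.getEmail(), user.getPassword(), authorities);
      }

      /**
       * Converts the account's roles into granted authorities, one per distinct role name.
       *
       * @param userRoles the roles attached to the account; {@code null} is treated as no roles
       * @return the distinct authorities, in no particular order
       */
      private List<GrantedAuthority> buildUserAuthority(List<Role> userRoles) {
          // A set is used so that a role listed twice yields a single authority.
          Set<GrantedAuthority> granted = new HashSet<GrantedAuthority>();

          if (userRoles != null) {
              for (Role userRole : userRoles) {
                  granted.add(new SimpleGrantedAuthority(userRole.getRoleName()));
              }
          }

          return new ArrayList<GrantedAuthority>(granted);
      }
  }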
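  /**
   * Single-chain web security configuration: form login for the site, URL rules per role,
   * and BCrypt password verification against the injected {@link UserDetailsService}.
   */
  @Configuration
  @EnableWebSecurity
  @EnableGlobalMethodSecurity(prePostEnabled = true)
  public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
      /** Authority names required by the URL rules below. */
      public static final String ROLE_ADMIN = "ADMIN";
      public static final String ROLE_TEACHER = "TEACHER";
      public static final String ROLE_STUDENT = "STUDENT";

      // Created once at class initialisation; replaces a lazily assigned static field that was
      // written without synchronisation.
      private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();

      @Autowired
      private UserDetailsService customUserDetailsService;

      /**
       * Declares the URL authorization rules, the form login and the logout endpoint.
       *
       * @param http the builder for this application's HTTP security
       * @throws Exception if the builder rejects the configuration
       */
      @Override
      protected void configure(HttpSecurity http) throws Exception {
          // CSRF protection is disabled so that REST clients can POST (the author's stated reason).
          // NOTE(review): this also strips CSRF protection from the session-based form login and
          // from every role-protected page. Consider limiting the exemption to the REST endpoints;
          // confirm which clients depend on it before changing.
          http.csrf().disable();

          // @formatter:off
          http
              .authorizeRequests()
                  // Rules are checked in declaration order and the first match decides. The write
                  // rules for the API therefore have to come before the "/api/**" permitAll entry;
                  // declared after it (as they originally were) they were never reached and every
                  // API write was open to anonymous callers.
                  // NOTE(review): other methods on "/api/**" (for example PATCH) still fall through
                  // to permitAll; confirm that is intended.
                  .antMatchers(HttpMethod.POST, "/api/**").authenticated()
                  .antMatchers(HttpMethod.PUT, "/api/**").authenticated()
                  .antMatchers(HttpMethod.DELETE, "/api/**").authenticated()
                  // NOTE(review): "**/js/**" has no leading slash and so probably never matches a
                  // request path; verify before relying on it.
                  .antMatchers("/forgotPassword", "/passwordReset", "/register", "/registerStudent", "/resources/**", "/js/**", "**/js/**", "/static/**", "/login" ,"/","/api/**").permitAll()
                  .antMatchers("/admin/**").hasAuthority(ROLE_ADMIN)
                  .antMatchers("/teacher/**").hasAuthority(ROLE_TEACHER)
                  .antMatchers("/student/**").hasAuthority(ROLE_STUDENT)
                  .antMatchers("/**").hasAnyAuthority(ROLE_TEACHER, ROLE_ADMIN, ROLE_STUDENT)
                  // Not reachable while the "/**" rule above exists; kept as a deny-by-default
                  // fallback in case that rule is ever narrowed.
                  .anyRequest().authenticated()
                  .and()
              .formLogin()
                  .loginPage("/login")
                  .successHandler(successHandler())
                  .permitAll()
                  .and()
              .logout()
                  .permitAll();
          // @formatter:on
      }

      /**
       * Builds the handler that redirects a freshly authenticated user.
       *
       * @return a handler whose default target URL is {@code /home}
       */
      private AuthenticationSuccessHandler successHandler() {
          SimpleUrlAuthenticationSuccessHandler handler = new SimpleUrlAuthenticationSuccessHandler();
          handler.setDefaultTargetUrl("/home");
          return handler;
      }

      /**
       * Registers the user lookup service together with the BCrypt encoder used to verify
       * stored password hashes.
       *
       * @param auth the authentication manager builder to configure
       * @throws Exception if the builder rejects the configuration
       */
      @Override
      protected void configure(AuthenticationManagerBuilder auth) throws Exception {
          auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder());
      }

      /**
       * Exposes the shared BCrypt password encoder as a bean.
       *
       * @return the same encoder instance on every call
       */
      @Bean
      public PasswordEncoder passwordEncoder() {
          return ENCODER;
      }
  }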
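  /**
   * Two-chain web security configuration: HTTP Basic for {@code /api/**} and form login for
   * the rest of the site, both backed by the injected {@link UserDetailsService}.
   *
   * NOTE(review): this outer class itself extends WebSecurityConfigurerAdapter with
   * {@code @Order(99)} and does not override {@code configure(HttpSecurity)}. It therefore
   * presumably contributes its own default catch-all chain ahead of the form-login adapter
   * below, which carries no explicit order. Confirm the form-login rules are actually
   * reached; the usual multi-chain layout keeps the outer class a plain holder.
   *
   * NOTE(review): {@code @EnableWebMvcSecurity} is deprecated in newer Spring Security
   * releases in favour of {@code @EnableWebSecurity}; check against the version in use.
   */
  @Configuration
  @EnableWebMvcSecurity
  @Order(99)
  @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, proxyTargetClass = true)
  public class MultiHttpSecurityConfig extends WebSecurityConfigurerAdapter {
      /** Authority names required by the URL rules of both chains. */
      public static final String ROLE_ADMIN = "ADMIN";
      public static final String ROLE_TEACHER = "TEACHER";
      public static final String ROLE_STUDENT = "STUDENT";

      // Created once at class initialisation; replaces a lazily assigned static field that was
      // written without synchronisation.
      private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();

      @Autowired
      protected UserDetailsService customUserDetailsService;

      /**
       * Registers the user lookup service together with the BCrypt encoder used to verify
       * stored password hashes.
       *
       * @param auth the authentication manager builder to configure
       * @throws Exception if the builder rejects the configuration
       */
      @Autowired
      protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
          auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder());
      }

      /**
       * Exposes the shared BCrypt password encoder as a bean.
       *
       * @return the same encoder instance on every call
       */
      @Bean
      public PasswordEncoder passwordEncoder() {
          return ENCODER;
      }

      /**
       * Security chain for the REST API: every {@code /api/**} request must carry HTTP Basic
       * credentials of a user holding one of the three application authorities.
       */
      @Configuration
      @Order(1)
      public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
          /**
           * Restricts this chain to {@code /api/**} and requires an authority on every request.
           *
           * @param http the builder for the API chain
           * @throws Exception if the builder rejects the configuration
           */
          @Override
          protected void configure(HttpSecurity http) throws Exception {
              // No CSRF token is expected from API clients.
              http.csrf().disable();
              // A second anyRequest().authenticated() used to follow this rule; it could never
              // match after the first anyRequest() and has been dropped.
              // HTTP Basic sends the password with every request, so this chain should only be
              // reachable over TLS.
              http
                  .antMatcher("/api/**")
                  .authorizeRequests()
                      .anyRequest().hasAnyAuthority(ROLE_ADMIN, ROLE_STUDENT, ROLE_TEACHER)
                      .and()
                  .httpBasic();
          }
      }

      /**
       * Security chain for the browser-facing site: public pages, per-role areas and form login.
       */
      @Configuration
      public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

          /**
           * Declares the URL authorization rules, the form login and the logout endpoint.
           *
           * @param http the builder for the form-login chain
           * @throws Exception if the builder rejects the configuration
           */
          @Override
          protected void configure(HttpSecurity http) throws Exception {
              // CSRF protection is disabled so that REST clients can POST (the author's stated
              // reason).
              // NOTE(review): the REST endpoints have their own chain above with CSRF already
              // disabled, so this chain looks like it could keep CSRF protection for the
              // session-based pages. Confirm the login and registration forms send a token
              // before re-enabling it.
              http.csrf().disable();
              http
                  .authorizeRequests()
                      // NOTE(review): "**/js/**" has no leading slash and so probably never
                      // matches a request path; verify before relying on it.
                      .antMatchers("/forgotPassword", "/passwordReset", "/register", "/resources/**", "/js/**", "**/js/**", "/static/**", "/login" ,"/").permitAll()
                      .antMatchers("/admin/**").hasAuthority(ROLE_ADMIN)
                      .antMatchers("/teacher/**").hasAuthority(ROLE_TEACHER)
                      .antMatchers("/student/**").hasAuthority(ROLE_STUDENT)
                      .antMatchers("/**").hasAnyAuthority(ROLE_TEACHER, ROLE_ADMIN, ROLE_STUDENT)
                      // Not reachable while the "/**" rule above exists; kept as a
                      // deny-by-default fallback in case that rule is ever narrowed.
                      .anyRequest().authenticated()
                      .and()
                  .formLogin()
                      .loginPage("/login")
                      .successHandler(successHandler())
                      .permitAll()
                      .and()
                  .logout()
                      .permitAll();
          }

          /**
           * Builds the handler that redirects a freshly authenticated user.
           *
           * @return a handler whose default target URL is {@code /home}
           */
          private AuthenticationSuccessHandler successHandler() {
              SimpleUrlAuthenticationSuccessHandler handler = new SimpleUrlAuthenticationSuccessHandler();
              handler.setDefaultTargetUrl("/home");
              return handler;
          }

      }
  }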