2 * Copyright 2020 Huawei Technologies Co., Ltd.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package com.eliot.eliotbe.eliotk8sclient.config;
18 import org.springframework.beans.factory.annotation.Autowired;
19 import org.springframework.context.annotation.Bean;
20 import org.springframework.context.annotation.Configuration;
21 import org.springframework.security.authentication.AuthenticationManager;
22 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
23 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
24 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
25 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
26 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
27 import org.springframework.security.config.http.SessionCreationPolicy;
28 import org.springframework.security.core.userdetails.UserDetailsService;
29 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
30 import org.springframework.security.crypto.password.PasswordEncoder;
31 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
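/**
 * Spring Security configuration for the k8s client service: stateless, token-based
 * authentication in which every request except {@code /authenticate} must be authenticated.
 *
 * <p>{@code prePostEnabled = true} turns on {@code @PreAuthorize}/{@code @PostAuthorize}
 * checks on methods. This class only requires that a request is authenticated; any
 * per-role or per-resource authorization has to come from those method annotations.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Handles requests that reach a protected resource without valid authentication.
    // NOTE(review): the response it produces is defined outside this file.
    @Autowired
    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;

    // Source of user records that submitted credentials are matched against.
    @Autowired
    private UserDetailsService jwtUserDetailsService;

    // Per-request token filter. Its validation logic is defined outside this file.
    @Autowired
    private JwtRequestFilter jwtRequestFilter;

    /**
     * Wires the user store and the password encoder into the authentication manager.
     *
     * @param auth builder for the application's {@link AuthenticationManager}
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // Stored password hashes are verified with the same encoder that is published as a
        // bean below, so hashing and verification cannot drift apart.
        auth.userDetailsService(jwtUserDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Provides the password hashing scheme used for credential checks.
     *
     * @return a BCrypt encoder built with the library's default work factor
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Publishes the {@link AuthenticationManager} built by this configuration as a bean so
     * that other components can inject it.
     *
     * @return the authentication manager of this configuration
     * @throws Exception if the manager cannot be obtained from the parent class
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Defines the HTTP security rules: CSRF protection off, {@code /authenticate} open, all
     * other requests authenticated, no server-side session, and the JWT filter registered
     * ahead of the username/password filter.
     *
     * @param httpSecurity the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            // CSRF protection is switched off. That is sound only while the token is sent in
            // a request header that the browser does not attach on its own.
            // NOTE(review): JwtRequestFilter is not shown here; confirm that it never accepts
            // the token from a cookie.
            .csrf().disable()
            // The login endpoint has to be reachable without a token. Nothing in this class
            // throttles repeated failed logins; confirm that is handled elsewhere.
            .authorizeRequests().antMatchers("/authenticate").permitAll()
            // Every other request must be authenticated.
            .anyRequest().authenticated().and()
            // Unauthenticated access is delegated to the injected entry point.
            .exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and()
            // STATELESS: Spring Security neither creates an HttpSession nor reads the security
            // context from one, so each request has to carry its own credentials.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // The token filter runs before UsernamePasswordAuthenticationFilter on every request.
        httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
    }
}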