X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=blueprints%2Fcommon%2Feliot-ui%2Fbe%2Fsrc%2Feliotk8sclient%2Fsrc%2Fmain%2Fjava%2Fcom%2Feliot%2Feliotbe%2Feliotk8sclient%2Fconfig%2FWebSecurityConfig.java;fp=blueprints%2Fcommon%2Feliot-ui%2Fbe%2Fsrc%2Feliotk8sclient%2Fsrc%2Fmain%2Fjava%2Fcom%2Feliot%2Feliotbe%2Feliotk8sclient%2Fconfig%2FWebSecurityConfig.java;h=0000000000000000000000000000000000000000;hb=434326c60fb0434bda587102b4746173fe425dea;hp=b6904b0c87921e1e3ef7d4a79405cf535e326c67;hpb=37827e492060182b32df67c2a538a29808fa5e17;p=eliot.git diff --git a/blueprints/common/eliot-ui/be/src/eliotk8sclient/src/main/java/com/eliot/eliotbe/eliotk8sclient/config/WebSecurityConfig.java b/blueprints/common/eliot-ui/be/src/eliotk8sclient/src/main/java/com/eliot/eliotbe/eliotk8sclient/config/WebSecurityConfig.java deleted file mode 100644 index b6904b0..0000000 --- a/blueprints/common/eliot-ui/be/src/eliotk8sclient/src/main/java/com/eliot/eliotbe/eliotk8sclient/config/WebSecurityConfig.java +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright 2020 Huawei Technologies Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.eliot.eliotbe.eliotk8sclient.config; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.http.SessionCreationPolicy; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; -import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; - -@Configuration -@EnableWebSecurity -@EnableGlobalMethodSecurity(prePostEnabled = true) -public class WebSecurityConfig extends WebSecurityConfigurerAdapter { - - @Autowired - private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint; - - @Autowired - private UserDetailsService jwtUserDetailsService; - - @Autowired - private JwtRequestFilter jwtRequestFilter; - - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { - // configure AuthenticationManager so that it knows from where to load - // user for matching credentials - // Use BCryptPasswordEncoder - auth.userDetailsService(jwtUserDetailsService).passwordEncoder(passwordEncoder()); - } - - @Bean - public PasswordEncoder passwordEncoder() { - return new BCryptPasswordEncoder(); - } - - @Bean - @Override - public AuthenticationManager authenticationManagerBean() throws Exception { - return super.authenticationManagerBean(); - } - - @Override - protected void configure(HttpSecurity httpSecurity) throws Exception { - // We don't need CSRF for this example - httpSecurity.csrf().disable() - // dont authenticate this particular request - .authorizeRequests().antMatchers("/authenticate").permitAll(). - // all other requests need to be authenticated - anyRequest().authenticated().and(). - // make sure we use stateless session; session won't be used to - // store user's state. - exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and().sessionManagement() - .sessionCreationPolicy(SessionCreationPolicy.STATELESS); - - // Add a filter to validate the tokens with every request - httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class); - } -}