
1   package org.springframework.security.oauth.examples.sparklr.config;
2   
3   import org.springframework.context.annotation.Bean;
4   import org.springframework.context.annotation.Configuration;
5   import org.springframework.security.authentication.AuthenticationManager;
6   import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
7   import org.springframework.security.config.annotation.web.builders.HttpSecurity;
8   import org.springframework.security.config.annotation.web.builders.WebSecurity;
9   import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
10  import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
11  import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
12  
/**
 * Web security configuration for the sparklr example application.
 *
 * <p>Sets up two in-memory user accounts, excludes a handful of paths from the
 * security filter chain, exposes the {@link AuthenticationManager} as a bean and
 * configures form login, logout and URL authorization.
 *
 * <p>Review notes: the credentials are literals in source, CSRF protection is
 * switched off for every request, and two {@code /oauth/*} paths bypass the
 * filter chain. Each is flagged where it is configured below.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Registers the in-memory accounts {@code marissa} and {@code paul}, both with role {@code USER}.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the in-memory store cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // SECURITY: user names and passwords are hard-coded literals, and this class
        // configures no PasswordEncoder. Demo fixture only; a deployment needs an
        // external user store with hashed passwords.
        // One inMemoryAuthentication() call on purpose: both users go into the same store.
        auth.inMemoryAuthentication()
                .withUser("marissa").password("koala").roles("USER")
                .and()
                .withUser("paul").password("emu").roles("USER");
    }

    /**
     * Excludes static resources and the approval-cache endpoints from Spring Security.
     *
     * @param web builder for the web-level security settings
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // SECURITY: ignored patterns skip the whole filter chain, so neither authentication
        // nor the rules in configure(HttpSecurity) apply to them. That is routine for
        // /webjars/** and /images/**, but /oauth/cache_approvals and /oauth/uncache_approvals
        // are application endpoints reachable without login.
        // NOTE(review): confirm what those two endpoints change before reusing this outside a demo.
        String[] unsecuredPatterns = {
            "/webjars/**",
            "/images/**",
            "/oauth/uncache_approvals",
            "/oauth/cache_approvals"
        };
        web.ignoring().antMatchers(unsecuredPatterns);
    }

    /**
     * Publishes the authentication manager built by the parent class as a Spring bean.
     *
     * @return the authentication manager provided by {@code super.authenticationManagerBean()}
     * @throws Exception if the parent class cannot provide the manager
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        AuthenticationManager exposedManager = super.authenticationManagerBean();
        return exposedManager;
    }

    /**
     * Configures URL authorization, the access-denied page, CSRF, logout and form login.
     *
     * @param http builder for the HTTP security filter chain
     * @throws Exception if any part of the chain cannot be configured
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        // Rule order matters: the login page is opened up first, then every other
        // request is required to carry the USER role.
        http.authorizeRequests()
                .antMatchers("/login.jsp").permitAll();
        http.authorizeRequests()
                .anyRequest().hasRole("USER");

        http.exceptionHandling()
                .accessDeniedPage("/login.jsp?authorization_error=true");

        // TODO: put CSRF protection back into this endpoint
        // SECURITY: the trailing disable() removes the CSRF configurer, so the matcher set
        // just before it has no effect and CSRF protection is off for every request,
        // including /oauth/authorize, /login.do and /logout.do. Restoring it means dropping
        // disable() and sending the CSRF token from the forms that post to those URLs.
        AntPathRequestMatcher authorizeEndpoint = new AntPathRequestMatcher("/oauth/authorize");
        http.csrf()
                .requireCsrfProtectionMatcher(authorizeEndpoint)
                .disable();

        // NOTE(review): with CSRF disabled, logout can probably be triggered by any HTTP
        // method on /logout.do, including a cross-site GET; confirm for the version in use.
        http.logout()
                .logoutSuccessUrl("/index.jsp")
                .logoutUrl("/logout.do");

        http.formLogin()
                .usernameParameter("j_username")
                .passwordParameter("j_password")
                .failureUrl("/login.jsp?authentication_error=true")
                .loginPage("/login.jsp")
                .loginProcessingUrl("/login.do");
        // @formatter:on
    }
}