1 /*
2  * In Samsung Ukraine R&D Center (SRK under a contract between)
3  * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
4  * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
5  */
6 package com.samsung.samserver.config;
7
8 import com.samsung.samserver.security.AuthoritiesConstants;
9 import com.samsung.samserver.security.jwt.JWTConfigurer;
10 import com.samsung.samserver.security.jwt.TokenProvider;
11
12 import org.springframework.context.annotation.*;
13 import org.springframework.http.HttpMethod;
14 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
15 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
16 import org.springframework.security.config.annotation.web.builders.WebSecurity;
17 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
18 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
19 import org.springframework.security.config.http.SessionCreationPolicy;
20 import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
21 import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;
22
/**
 * Web and method security configuration for this service.
 *
 * <p>{@code @EnableGlobalMethodSecurity} turns on {@code @PreAuthorize}/{@code @PostAuthorize}
 * ({@code prePostEnabled}) and {@code @Secured} ({@code securedEnabled}) checks. The HTTP chain
 * is stateless and has a {@link JWTConfigurer} built from the injected {@link TokenProvider}
 * applied to it (presumably this registers the token-validating filter; see JWTConfigurer).
 * Authentication and access-denied failures are both rendered by {@link SecurityProblemSupport}.
 */
@Configuration
@Import(SecurityProblemSupport.class)
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class MicroserviceSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final TokenProvider tokenProvider;

    private final SecurityProblemSupport problemSupport;

    /**
     * @param tokenProvider  handed to the {@link JWTConfigurer} applied to the HTTP chain
     * @param problemSupport used as both authentication entry point and access-denied handler
     */
    public MicroserviceSecurityConfiguration(TokenProvider tokenProvider, SecurityProblemSupport problemSupport) {
        this.tokenProvider = tokenProvider;
        this.problemSupport = problemSupport;
    }

    /**
     * Lists the request patterns that Spring Security skips entirely.
     *
     * <p>A request matched here never enters the security filter chain: nothing configured in
     * {@link #configure(HttpSecurity)} (token handling, URL rules, header writers, error
     * handling) is applied to it.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // NOTE(review): most entries are static assets, but three deserve a second look:
        //  - "/api/device-service/**" is an API path. With the filter chain bypassed no
        //    Authentication is established for these requests, so method-security annotations
        //    on the handlers have no authenticated principal to evaluate. Confirm these
        //    endpoints authenticate callers by other means; if only the URL rule is meant to be
        //    open, permitAll() inside the chain keeps the filters and headers in place.
        //  - "/h2-console/**" and "/test/**" are reachable without authentication whenever the
        //    corresponding resources are deployed. Confirm they exist only in development
        //    builds/profiles.
        // All OPTIONS requests are skipped as well (presumably for CORS preflight; confirm).
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers(
                "/app/**/*.{js,html}",
                "/bower_components/**",
                "/i18n/**",
                "/content/**",
                "/swagger-ui/index.html",
                "/test/**",
                "/h2-console/**",
                "/api/device-service/**");
    }

    /**
     * Configures the filter chain for every request not skipped by
     * {@link #configure(WebSecurity)}.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is switched off; the chain below is stateless (no HTTP session is
        // created), so this assumes credentials travel in a request token rather than in a
        // browser-managed cookie. TODO confirm against JWTConfigurer.
        http.csrf().disable();

        // One handler covers both "not authenticated" and "authenticated but not allowed".
        http.exceptionHandling()
            .authenticationEntryPoint(problemSupport)
            .accessDeniedHandler(problemSupport);

        // NOTE(review): this drops the X-Frame-Options header for every response served by this
        // chain, removing the framing (clickjacking) protection. Commonly done so the H2 console
        // can render; confirm it is still needed outside development, or narrow it to
        // sameOrigin().
        http.headers().frameOptions().disable();

        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // NOTE(review): the blanket "/api/**" rule is commented out and there is no
        // anyRequest() fallback, so any URL not listed below is unrestricted at the URL level.
        // Access control for those endpoints then rests on the method-level annotations enabled
        // on this class; confirm every API handler carries one. First matching rule wins, so
        // "/management/health" must stay ahead of "/management/**".
        http.authorizeRequests()
            //.antMatchers("/api/**").authenticated()
            .antMatchers("/management/health").permitAll()
            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/swagger-resources/configuration/ui").permitAll();

        http.apply(jwtConfigurer());
    }

    /** Builds the configurer applied to the HTTP chain from the injected token provider. */
    private JWTConfigurer jwtConfigurer() {
        return new JWTConfigurer(tokenProvider);
    }

    /**
     * Exposes a {@link SecurityEvaluationContextExtension} bean (the Spring Security extension
     * for Spring Data query expressions).
     */
    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}