[SECARSP-111] +Auth API [SECARSP-115 +Get Devices]
1 /*
2  * In Samsung Ukraine R&D Center (SRK under a contract between)
3  * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
4  * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
5  */
6 package com.samsung.samserver.config;
7
8 import com.samsung.samserver.security.AuthoritiesConstants;
9 import com.samsung.samserver.security.jwt.JWTConfigurer;
10 import com.samsung.samserver.security.jwt.TokenProvider;
11
12 import org.springframework.context.annotation.*;
13 import org.springframework.http.HttpMethod;
14 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
15 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
16 import org.springframework.security.config.annotation.web.builders.WebSecurity;
17 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
18 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
19 import org.springframework.security.config.http.SessionCreationPolicy;
20 import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
21 import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;
22
23 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
24 import org.springframework.security.core.userdetails.UserDetailsService;
25 import org.springframework.web.filter.CorsFilter;
26 import javax.annotation.PostConstruct;
27 import org.springframework.beans.factory.BeanInitializationException;
28 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
29 import org.springframework.security.crypto.password.PasswordEncoder;
30
/**
 * Spring Security configuration for the SAM server microservice.
 *
 * <p>Wires a stateless, JWT-based security chain: HTTP Basic/form login is not used,
 * CSRF is disabled, no session is created, and authentication is supplied by the
 * {@link JWTConfigurer} applied at the end of {@link #configure(HttpSecurity)}.
 * {@code @EnableGlobalMethodSecurity} additionally enables {@code @PreAuthorize}/
 * {@code @PostAuthorize} and {@code @Secured} on service methods.
 *
 * <p>Two distinct bypass mechanisms are used below and they are not equivalent:
 * paths listed under {@link #configure(WebSecurity)} skip the whole security filter
 * chain (no JWT parsing, no security headers, no authenticated principal for method
 * security), whereas {@code permitAll()} rules in {@link #configure(HttpSecurity)}
 * still run the chain and only relax the URL authorization decision.
 */
@Configuration
@Import(SecurityProblemSupport.class)
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class MicroserviceSecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Creates/validates JWTs; handed to JWTConfigurer in securityConfigurerAdapter().
    private final TokenProvider tokenProvider;

    // Renders 401/403 as problem responses (used as entry point and access-denied handler).
    private final SecurityProblemSupport problemSupport;

    // Global AuthenticationManagerBuilder; init() registers the UserDetailsService on it.
    private final AuthenticationManagerBuilder authenticationManagerBuilder;

    // Loads users for username/password authentication (the /dashboard/auth/login flow, presumably).
    private final UserDetailsService userDetailsService;

    // Injected but not referenced in this file — NOTE(review): CORS filter is never added to
    // the chain here; confirm it is registered elsewhere or it is dead injection.
    private final CorsFilter corsFilter;

    /**
     * Creates the configuration with its injected collaborators.
     *
     * @param authenticationManagerBuilder the global authentication manager builder
     * @param userDetailsService           user lookup used for password authentication
     * @param tokenProvider                JWT creation/validation component
     * @param corsFilter                   CORS filter (currently unused in this class)
     * @param problemSupport               problem-detail handler for authentication/authorization failures
     */
    public MicroserviceSecurityConfiguration(AuthenticationManagerBuilder authenticationManagerBuilder, UserDetailsService userDetailsService,TokenProvider tokenProvider,CorsFilter corsFilter, SecurityProblemSupport problemSupport) {
        this.authenticationManagerBuilder = authenticationManagerBuilder;
        this.userDetailsService = userDetailsService;
        this.tokenProvider = tokenProvider;
        this.corsFilter = corsFilter;
        this.problemSupport = problemSupport;
    }

    /**
     * Registers the {@link UserDetailsService} and BCrypt encoder on the global
     * authentication manager so username/password logins are verified against
     * BCrypt hashes, never plaintext.
     *
     * @throws BeanInitializationException if the builder rejects the configuration;
     *         the original exception is kept as the cause
     */
    @PostConstruct
    public void init() {
        try {
            authenticationManagerBuilder
                    .userDetailsService(userDetailsService)
                    .passwordEncoder(passwordEncoder());
        } catch (Exception e) {
            throw new BeanInitializationException("Security configuration failed", e);
        }
    }

    /**
     * Password hashing for stored credentials: BCrypt with the library's default work factor.
     *
     * @return a BCrypt {@link PasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Paths excluded from the security filter chain entirely.
     *
     * <p>Requests matching these patterns are never inspected by Spring Security:
     * no JWT is parsed, no principal is set, and security headers are not applied.
     * Static assets and CORS pre-flight ({@code OPTIONS}) are the usual candidates.
     *
     * <p>NOTE(review): {@code /h2-console/**}, {@code /test/**} and
     * {@code /api/device-service/**} are therefore reachable without any authentication.
     * If the device-service API is meant to identify the calling device (e.g. via JWT),
     * it must be moved to an {@code authorizeRequests()} rule below instead, and the
     * console/test patterns should be limited to a dev profile — confirm with the owners.
     *
     * @param web the web security builder
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers("/app/**/*.{js,html}")
            .antMatchers("/bower_components/**")
            .antMatchers("/i18n/**")
            .antMatchers("/content/**")
            .antMatchers("/swagger-ui/index.html")
            .antMatchers("/test/**")
            .antMatchers("/h2-console/**")
            .antMatchers("/api/device-service/**")
        ;
    }

    /**
     * Builds the HTTP security chain.
     *
     * <ul>
     *   <li>CSRF is disabled: the API is stateless and authenticates with a bearer token,
     *       not a cookie session, so CSRF protection does not apply.</li>
     *   <li>401/403 are rendered by {@code problemSupport} instead of the default pages.</li>
     *   <li>{@code X-Frame-Options} is disabled, which allows pages to be framed (clickjacking
     *       surface). NOTE(review): presumably required for the H2 console; confirm it is not
     *       needed in production and scope it to a dev profile if so.</li>
     *   <li>No HTTP session is ever created ({@code STATELESS}).</li>
     *   <li>URL authorization rules are evaluated first-match-wins in the order written:
     *       login/register are public, everything else under {@code /dashboard} needs an
     *       authenticated principal, {@code /management/health} is public and the rest of
     *       {@code /management} requires {@code ADMIN}.</li>
     *   <li>The JWT filter is applied last via {@link #securityConfigurerAdapter()}.</li>
     * </ul>
     *
     * <p>NOTE(review): there is no {@code anyRequest()} rule, so URLs matching none of the
     * patterns above (anything outside {@code /dashboard} and {@code /management}) carry no
     * authorization attribute and are passed through by the URL authorization filter;
     * only method-level security would then protect them. Confirm that is intended, or
     * close the chain with {@code .anyRequest().authenticated()} and list public paths
     * explicitly. Also confirm {@code /dashboard/auth/register} is meant to be open to
     * unauthenticated callers.
     *
     * @param http the HTTP security builder
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
            .disable()
            .exceptionHandling()
            .authenticationEntryPoint(problemSupport)
            .accessDeniedHandler(problemSupport)
        .and()
            .headers()
            .frameOptions()
            .disable()
        .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
            .authorizeRequests()
            .antMatchers("/dashboard/auth/login").permitAll()
            .antMatchers("/dashboard/auth/register").permitAll()
            .antMatchers("/dashboard/**").authenticated()
            .antMatchers("/management/health").permitAll()
            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/swagger-resources/configuration/ui").permitAll()
        .and()
            .apply(securityConfigurerAdapter());
    }

    /**
     * Security configurer that installs JWT handling backed by {@link #tokenProvider}.
     * The filter itself lives in {@link JWTConfigurer} (not shown in this file).
     *
     * @return a new {@link JWTConfigurer}
     */
    private JWTConfigurer securityConfigurerAdapter() {
        return new JWTConfigurer(tokenProvider);
    }

    /**
     * Makes security SpEL expressions (e.g. {@code ?#{principal}}) available inside
     * Spring Data repository queries.
     *
     * @return the evaluation context extension bean
     */
    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}