mirror of
https://bitbucket.org/wisemapping/wisemapping-open-source.git
synced 2024-10-23 01:52:31 +02:00
Simplyfy auth.
This commit is contained in:
Paulo Gustavo Veiga
parent
b7591ab995
commit
c91cafa8ff
@ -15,8 +15,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
|
|
||||||
import static org.springframework.security.crypto.factory.PasswordEncoderFactories.createDelegatingPasswordEncoder;
|
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
@EnableMethodSecurity(
|
@EnableMethodSecurity(
|
||||||
|
|||||||
@ -18,14 +18,13 @@ public class MvcSecurityConfig {
|
|||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Order(1)
|
@Order(1)
|
||||||
public SecurityFilterChain embeddedDisabledXOrigin(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
|
public SecurityFilterChain embeddedDisabledXOrigin(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
|
||||||
final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector);
|
|
||||||
|
|
||||||
http
|
http
|
||||||
.securityMatchers((matchers) ->
|
.securityMatchers((matchers) ->
|
||||||
matchers.requestMatchers(matcher.pattern("c/maps/*/embed")))
|
matchers.requestMatchers(mvc.pattern("/c/maps/*/embed")))
|
||||||
.authorizeHttpRequests(
|
.authorizeHttpRequests(
|
||||||
(auth) -> auth.requestMatchers(matcher.pattern(("c/maps/*/embed"))).permitAll())
|
(auth) -> auth.requestMatchers(mvc.pattern(("/c/maps/*/embed"))).permitAll())
|
||||||
.headers((header -> header.frameOptions()
|
.headers((header -> header.frameOptions()
|
||||||
.disable()
|
.disable()
|
||||||
))
|
))
|
||||||
@ -34,27 +33,31 @@ public class MvcSecurityConfig {
|
|||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
|
||||||
|
return new MvcRequestMatcher.Builder(introspector);
|
||||||
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Order(2)
|
@Order(2)
|
||||||
public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
|
public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
|
||||||
final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector);
|
|
||||||
http
|
http
|
||||||
.securityMatchers((matchers) ->
|
.securityMatchers((matchers) ->
|
||||||
matchers.requestMatchers(matcher.pattern("/c/**")))
|
matchers.requestMatchers(mvc.pattern("/c/**")))
|
||||||
.authorizeHttpRequests(
|
.authorizeHttpRequests(
|
||||||
(auth) ->
|
(auth) ->
|
||||||
auth
|
auth
|
||||||
.requestMatchers(matcher.pattern("/c/login")).permitAll()
|
.requestMatchers(mvc.pattern("/c/login")).permitAll()
|
||||||
.requestMatchers(matcher.pattern("/c/logout")).permitAll()
|
.requestMatchers(mvc.pattern("/c/logout")).permitAll()
|
||||||
.requestMatchers(matcher.pattern("/c/registration")).permitAll()
|
.requestMatchers(mvc.pattern("/c/registration")).permitAll()
|
||||||
.requestMatchers(matcher.pattern("/c/registration-success")).permitAll()
|
.requestMatchers(mvc.pattern("/c/registration-success")).permitAll()
|
||||||
.requestMatchers(matcher.pattern("/c/registration-google")).permitAll()
|
.requestMatchers(mvc.pattern("/c/registration-google")).permitAll()
|
||||||
|
|
||||||
.requestMatchers(matcher.pattern("/c/forgot-password")).permitAll()
|
.requestMatchers(mvc.pattern("/c/forgot-password")).permitAll()
|
||||||
.requestMatchers(matcher.pattern("/c/forgot-password-success")).permitAll()
|
.requestMatchers(mvc.pattern("/c/forgot-password-success")).permitAll()
|
||||||
.requestMatchers(matcher.pattern("/c/maps/*/try")).permitAll()
|
.requestMatchers(mvc.pattern("/c/maps/*/try")).permitAll()
|
||||||
.requestMatchers(matcher.pattern("/c/maps/*/public")).permitAll()
|
.requestMatchers(mvc.pattern("/c/maps/*/public")).permitAll()
|
||||||
.requestMatchers(matcher.pattern("/c/**")).hasAnyRole("USER", "ADMIN")
|
.requestMatchers(mvc.pattern("/c/**")).hasAnyRole("USER", "ADMIN")
|
||||||
.anyRequest().authenticated())
|
.anyRequest().authenticated())
|
||||||
.formLogin((loginForm) ->
|
.formLogin((loginForm) ->
|
||||||
loginForm.loginPage("/c/login")
|
loginForm.loginPage("/c/login")
|
||||||
@ -77,25 +80,23 @@ public class MvcSecurityConfig {
|
|||||||
.disable()
|
.disable()
|
||||||
))
|
))
|
||||||
.csrf((csrf) ->
|
.csrf((csrf) ->
|
||||||
csrf.ignoringRequestMatchers(matcher.pattern("/c/logout")));
|
csrf.ignoringRequestMatchers(mvc.pattern("/c/logout")));
|
||||||
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Order(3)
|
@Order(3)
|
||||||
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
|
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
|
||||||
final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector);
|
|
||||||
|
|
||||||
return http.authorizeHttpRequests(
|
return http.authorizeHttpRequests(
|
||||||
(auth) ->
|
(auth) ->
|
||||||
auth.requestMatchers(matcher.pattern("/static/**")).permitAll().
|
auth.requestMatchers(mvc.pattern("/static/**")).permitAll().
|
||||||
requestMatchers(matcher.pattern("/css/**")).permitAll().
|
requestMatchers(mvc.pattern("/css/**")).permitAll().
|
||||||
requestMatchers(matcher.pattern("/js/**")).permitAll().
|
requestMatchers(mvc.pattern("/js/**")).permitAll().
|
||||||
// @todo: Wht this is required ...
|
// @todo: Why this is required ...
|
||||||
requestMatchers(matcher.pattern("/WEB-INF/jsp/*.jsp")).permitAll().
|
requestMatchers(mvc.pattern("/WEB-INF/jsp/*.jsp")).permitAll().
|
||||||
requestMatchers(matcher.pattern("/images/**")).permitAll().
|
requestMatchers(mvc.pattern("/images/**")).permitAll().
|
||||||
requestMatchers(matcher.pattern("/*")).permitAll()
|
requestMatchers(mvc.pattern("/*")).permitAll()
|
||||||
).build();
|
).build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -4,10 +4,6 @@ import org.jetbrains.annotations.NotNull;
|
|||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.ComponentScan;
|
import org.springframework.context.annotation.ComponentScan;
|
||||||
import org.springframework.context.annotation.ImportResource;
|
|
||||||
import org.springframework.core.annotation.Order;
|
|
||||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
|
||||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||||
@ -21,39 +17,27 @@ import static org.springframework.security.config.Customizer.withDefaults;
|
|||||||
|
|
||||||
@SpringBootApplication
|
@SpringBootApplication
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
//@ImportResource(value = {"classpath:spring/wisemapping-rest.xml"})
|
|
||||||
@ComponentScan({"com.wisemapping.rest"})
|
@ComponentScan({"com.wisemapping.rest"})
|
||||||
public class RestAppConfig {
|
public class RestAppConfig {
|
||||||
@Bean
|
@Bean
|
||||||
@Order(2)
|
MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
|
||||||
SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
|
return new MvcRequestMatcher.Builder(introspector);
|
||||||
// final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector).servletPath("**");
|
}
|
||||||
// return http
|
@Bean
|
||||||
// .securityMatchers((matchers) ->
|
SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
|
||||||
// matchers.requestMatchers(matcher.pattern(("/**"))))
|
return http
|
||||||
// .authorizeHttpRequests(auth -> auth
|
.authorizeHttpRequests(auth -> auth
|
||||||
// .requestMatchers(matcher.pattern("api/restfull/users/")).permitAll()
|
.requestMatchers(mvc.pattern("/api/restfull/users/")).permitAll()
|
||||||
// .requestMatchers(matcher.pattern("api/restfull/users/resetPassword")).permitAll()
|
.requestMatchers(mvc.pattern("/api/restfull/users/resetPassword")).permitAll()
|
||||||
// .requestMatchers(matcher.pattern("api/restfull/oauth2/googlecallback")).permitAll()
|
.requestMatchers(mvc.pattern("/api/restfull/oauth2/googlecallback")).permitAll()
|
||||||
// .requestMatchers(matcher.pattern("api/restfull/oauth2/confirmaccountsync")).permitAll()
|
.requestMatchers(mvc.pattern("/api/restfull/oauth2/confirmaccountsync")).permitAll()
|
||||||
// .requestMatchers(matcher.pattern("api/restfull/admin/**")).hasAnyRole("ADMIN")
|
.requestMatchers(mvc.pattern("/api/restfull/admin/**")).hasAnyRole("ADMIN")
|
||||||
// .requestMatchers(matcher.pattern("/**"))
|
.requestMatchers(mvc.pattern("/**")).hasAnyRole("USER", "ADMIN")
|
||||||
// .authenticated()
|
.anyRequest().authenticated()
|
||||||
//// .hasAnyRole("USER", "ADMIN")
|
)
|
||||||
// )
|
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||||
// .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
.httpBasic(withDefaults())
|
||||||
// .httpBasic(withDefaults())
|
.csrf(AbstractHttpConfigurer::disable)
|
||||||
// .csrf(AbstractHttpConfigurer::disable)
|
.build();
|
||||||
// .build();
|
|
||||||
|
|
||||||
http.csrf().disable()
|
|
||||||
.authorizeHttpRequests()
|
|
||||||
.anyRequest()
|
|
||||||
.authenticated()
|
|
||||||
.and()
|
|
||||||
.httpBasic(withDefaults());
|
|
||||||
return http.build();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user