package eu.dnetlib.organizations;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
/**
 * Spring Security configuration for the application: URL authorization rules,
 * form login and logout, and JDBC-backed authentication against the
 * {@code users} table.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	// Database that holds the users table queried in configureGlobal.
	@Autowired
	private DataSource dataSource;

	// Invoked when an authenticated user is refused access to a resource.
	@Autowired
	private AccessDeniedHandler accessDeniedHandler;

	/**
	 * Defines which requests need which roles and how users log in and out.
	 *
	 * @param http the security builder supplied by Spring Security
	 * @throws Exception if the configuration cannot be applied
	 */
	@Override
	protected void configure(final HttpSecurity http) throws Exception {
		// NOTE(review): CSRF protection is switched off for every endpoint while
		// authentication is form login, which normally relies on a session cookie.
		// Confirm that state-changing requests under /api/** are protected some other
		// way (e.g. SameSite cookies or a custom header check) before keeping this.
		http.csrf().disable();

		// Matchers are evaluated in declaration order, so the order below is significant.
		http.authorizeRequests()
			.antMatchers("/", "/api/**").hasAnyRole("USER", "SUPERUSER")
			// NOTE(review): the API documentation and static resources are reachable
			// without authentication; verify that exposure is intended in production.
			.antMatchers("/swagger-ui.html", "/doc", "/resources/**", "/webjars/**").permitAll()
			// Anything not listed above still requires a logged-in user.
			.anyRequest().authenticated();

		http.formLogin().loginPage("/login").permitAll();

		http.logout().permitAll();

		http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
	}

	/**
	 * Registers JDBC authentication backed by the {@code users} table.
	 *
	 * @param auth the authentication builder to configure
	 * @throws Exception if the JDBC authentication cannot be set up
	 */
	@Autowired
	public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
		// Both statements bind the login e-mail through the '?' placeholder and only
		// match rows with valid=true.
		final String userLookup = "select email, password, valid from users where email=? and valid=true";
		// The stored role gets the 'ROLE_' prefix that hasAnyRole(...) expects.
		final String authorityLookup = "select email, 'ROLE_'||role from users where email=? and valid=true";

		auth.jdbcAuthentication()
			.dataSource(dataSource)
			.usersByUsernameQuery(userLookup)
			.authoritiesByUsernameQuery(authorityLookup);
	}

	/**
	 * Exposes the delegating password encoder, which selects the hashing algorithm
	 * from the {@code {id}} prefix of each stored password.
	 *
	 * @return the password encoder bean
	 */
	@Bean
	public PasswordEncoder passwordEncoder() {
		// NOTE(review): this bean is not passed explicitly to jdbcAuthentication()
		// in configureGlobal; confirm the authentication builder picks it up.
		final PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
		return encoder;
	}

}