package eu.dnetlib.organizations;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import eu.dnetlib.organizations.utils.OpenOrgsConstants;
/**
 * Spring Security configuration: URL access rules, form login/logout, and
 * JDBC-backed authentication against the {@code users} table.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 * <li>CSRF protection is disabled for the whole application.</li>
 * <li>{@code /public_api/**}, {@code /resources/**} and {@code /webjars/**} are reachable
 * without authentication.</li>
 * <li>Accounts whose row has {@code valid=false} or {@code role = 'PENDING'} are filtered out
 * by both SQL queries, so they can neither log in nor obtain authorities.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	// Columns are consumed positionally by Spring's JDBC user lookup as
	// (username, password, enabled); the e-mail address is the login name.
	private static final String USERS_BY_EMAIL_QUERY =
		"select email, password, valid from users where email=? and valid=true and role != 'PENDING'";

	// The 'ROLE_' prefix added in SQL is what hasAnyRole(...) expects, since
	// hasAnyRole prepends "ROLE_" to each role name it is given.
	private static final String AUTHORITIES_BY_EMAIL_QUERY =
		"select email, 'ROLE_'||role from users where email=? and valid=true and role != 'PENDING'";

	@Autowired
	private DataSource dataSource;

	@Autowired
	private AccessDeniedHandler accessDeniedHandler;

	/**
	 * Declares which requests need which authorities and wires login, logout and the
	 * access-denied handler.
	 *
	 * @param http
	 *            the security builder supplied by Spring
	 * @throws Exception
	 *             propagated from the Spring Security configurers
	 */
	@Override
	protected void configure(final HttpSecurity http) throws Exception {

		// NOTE(review): CSRF protection is switched off while authentication is form login.
		// If the session cookie is what authenticates calls to /api/**, state-changing
		// endpoints carry no anti-forgery token. Confirm this is intentional and compensated
		// elsewhere (e.g. SameSite cookies or a required custom header), or re-enable CSRF
		// with a token the front end can send. With CSRF disabled the default logout URL also
		// accepts any HTTP method.
		http.csrf().disable();

		// Matchers are evaluated in declaration order and the first match decides, so the
		// role-restricted paths must stay ahead of the catch-all rule.
		http.authorizeRequests()
			.antMatchers("/", "/api/**").hasAnyRole(OpenOrgsConstants.userRole, OpenOrgsConstants.superUserRole)
			// Unauthenticated surface: static assets plus everything under /public_api/**.
			.antMatchers("/resources/**", "/webjars/**", "/public_api/**").permitAll()
			// Anything not listed above still requires a logged-in user (any role).
			.anyRequest().authenticated();

		http.formLogin()
			.loginPage("/login")
			.permitAll();

		http.logout()
			.permitAll();

		// Authenticated users lacking the required role are handed to the injected handler.
		http.exceptionHandling()
			.accessDeniedHandler(accessDeniedHandler);
	}

	/**
	 * Registers JDBC authentication using the injected {@link DataSource}. Both queries are
	 * parameterized ({@code ?}), so the submitted e-mail is bound rather than concatenated.
	 *
	 * @param auth
	 *            the authentication builder supplied by Spring
	 * @throws Exception
	 *             propagated from the JDBC authentication configurer
	 */
	@Autowired
	public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
		auth.jdbcAuthentication()
			.dataSource(dataSource)
			.usersByUsernameQuery(USERS_BY_EMAIL_QUERY)
			.authoritiesByUsernameQuery(AUTHORITIES_BY_EMAIL_QUERY);
	}

	/**
	 * Exposes Spring Security's delegating password encoder, which selects the algorithm from
	 * the {@code {id}} prefix stored with each hash and encodes new passwords with its default
	 * algorithm (bcrypt).
	 *
	 * @return the delegating {@link PasswordEncoder}
	 */
	@Bean
	public PasswordEncoder passwordEncoder() {
		// NOTE(review): values in users.password need the "{id}" prefix this encoder expects;
		// verify against how passwords are written elsewhere in the project.
		return PasswordEncoderFactories.createDelegatingPasswordEncoder();
	}

}