/modules/dnet-orgs-database-application/trunk/src/main/java/eu/dnetlib/organizations/WebSecurityConfig.java - D-Net - D-Net project tracking tool

dnet45/modules/dnet-orgs-database-application/trunk/src/main/java/eu/dnetlib/organizations/WebSecurityConfig.java @ 57646

       package eu.dnetlib.organizations;
       import javax.sql.DataSource;
       import org.springframework.beans.factory.annotation.Autowired;
       import org.springframework.context.annotation.Bean;
       import org.springframework.context.annotation.Configuration;
       import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
       import org.springframework.security.config.annotation.web.builders.HttpSecurity;
       import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
       import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
       import org.springframework.security.crypto.factory.PasswordEncoderFactories;
       import org.springframework.security.crypto.password.PasswordEncoder;
       import org.springframework.security.web.access.AccessDeniedHandler;
       import eu.dnetlib.organizations.utils.OpenOrgsConstants;
       @Configuration
       @EnableWebSecurity
       public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
       	@Autowired
       	private DataSource dataSource;
       	@Autowired
       	private AccessDeniedHandler accessDeniedHandler;
       	@Override
       	protected void configure(final HttpSecurity http) throws Exception {
       		http.csrf()
       				.disable()
       				.authorizeRequests()
       				.antMatchers("/", "/api/**")
       				.hasAnyRole(OpenOrgsConstants.userRole, OpenOrgsConstants.superUserRole)
       				.antMatchers("/resources/**", "/webjars/**", "/public_api/**")
       				.permitAll()
       				.anyRequest()
       				.authenticated()
       				.and()
       				.formLogin()
       				.loginPage("/login")
       				.permitAll()
       				.and()
       				.logout()
       				.permitAll()
       				.and()
       				.exceptionHandling()
       				.accessDeniedHandler(accessDeniedHandler);
+      	}
       	@Autowired
       	public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
       		auth.jdbcAuthentication()
       				.dataSource(dataSource)
       				.usersByUsernameQuery("select ?, '{MD5}60c4a0eb167dd41e915a885f582414df', true")  // TODO: this is a MOCK, the user should
       																								  // be authenticated using the openaire
       																								  // credentials
       				.authoritiesByUsernameQuery("with const as (SELECT ? as email) select c.email, coalesce(u.role, 'UNAUTHORIZED') from const c left outer join users u on (u.email = c.email)");
+      	}
       	@Bean
       	public PasswordEncoder passwordEncoder() {
       		return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+      	}
+      }

« Previous
1
2
3
Next »

(3-3/3)

Project

General

Profile

D-Net