Revision 57661
Added by Michele Artini over 4 years ago
| WebSecurityConfig.java | ||
|---|---|---|
| 13 | 13 |
import org.springframework.security.crypto.password.PasswordEncoder; |
| 14 | 14 |
import org.springframework.security.web.access.AccessDeniedHandler; |
| 15 | 15 |
|
| 16 |
import eu.dnetlib.organizations.utils.OpenOrgsConstants;
|
|
| 16 |
import eu.dnetlib.organizations.controller.UserRole;
|
|
| 17 | 17 |
|
| 18 | 18 |
@Configuration |
| 19 | 19 |
@EnableWebSecurity |
| ... | ... | |
| 32 | 32 |
.disable() |
| 33 | 33 |
.authorizeRequests() |
| 34 | 34 |
.antMatchers("/", "/api/**")
|
| 35 |
.hasAnyRole(OpenOrgsConstants.userRole, OpenOrgsConstants.superUserRole)
|
|
| 36 |
.antMatchers("/public_api/**")
|
|
| 37 |
.hasRole(OpenOrgsConstants.notAuthorizedRole)
|
|
| 38 |
.antMatchers("/resources/**", "/webjars/**", "/public_api/**")
|
|
| 35 |
.hasAnyRole(UserRole.ADMIN.name(), UserRole.NATIONAL_ADMIN.name(), UserRole.USER.name())
|
|
| 36 |
.antMatchers("/registration_api/**")
|
|
| 37 |
.hasRole(UserRole.NOT_AUTHORIZED.name())
|
|
| 38 |
.antMatchers("/resources/**", "/webjars/**")
|
|
| 39 | 39 |
.permitAll() |
| 40 | 40 |
.anyRequest() |
| 41 | 41 |
.authenticated() |
| ... | ... | |
| 58 | 58 |
.usersByUsernameQuery("select ?, '{MD5}60c4a0eb167dd41e915a885f582414df', true") // TODO: this is a MOCK, the user should
|
| 59 | 59 |
// be authenticated using the openaire |
| 60 | 60 |
// credentials |
| 61 |
.authoritiesByUsernameQuery("with const as (SELECT ? as email) select c.email, 'ROLE_'||coalesce(u.role, 'NOTAUTHORIZED') from const c left outer join users u on (u.email = c.email)");
|
|
| 61 |
.authoritiesByUsernameQuery("with const as (SELECT ? as email) "
|
|
| 62 |
+ "select c.email, 'ROLE_'||coalesce(u.role, '" |
|
| 63 |
+ UserRole.NOT_AUTHORIZED |
|
| 64 |
+ "') from const c left outer join users u on (u.email = c.email)"); |
|
| 62 | 65 |
} |
| 63 | 66 |
|
| 64 | 67 |
@Bean |
Also available in: Unified diff
national admin management