|
1
|
package eu.dnetlib.uoaauthorizationlibrary.security;
|
|
2
|
|
|
3
|
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
|
|
4
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
5
|
import org.springframework.context.annotation.ComponentScan;
|
|
6
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
|
7
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
8
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
9
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
10
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
11
|
|
|
12
|
@EnableGlobalMethodSecurity(securedEnabled = true)
|
|
13
|
@EnableWebSecurity
|
|
14
|
@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.*"})
|
|
15
|
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
16
|
|
|
17
|
private AuthorizationProvider authorizationProvider;
|
|
18
|
private AuthorizationUtils utils;
|
|
19
|
|
|
20
|
@Autowired
|
|
21
|
WebSecurityConfig(AuthorizationProvider authorizationProvider, AuthorizationUtils utils) {
|
|
22
|
this.authorizationProvider = authorizationProvider;
|
|
23
|
this.utils = utils;
|
|
24
|
}
|
|
25
|
|
|
26
|
@Override
|
|
27
|
protected void configure(HttpSecurity http) throws Exception {
|
|
28
|
http.apply(new AuthorizationFilterConfigurer(authorizationProvider, utils));
|
|
29
|
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
|
30
|
http.authorizeRequests().anyRequest().permitAll();
|
|
31
|
http.httpBasic();
|
|
32
|
}
|
|
33
|
|
|
34
|
}
|