| /* |
| ******************************************************************************* |
| * Copyright (c) 2019 Contributors to the Eclipse Foundation |
| * |
| * See the NOTICE file(s) distributed with this work for additional |
| * information regarding copyright ownership. |
| * |
| * This program and the accompanying materials are made available under the |
| * terms of the Eclipse Public License v. 2.0 which is available at |
| * http://www.eclipse.org/legal/epl-2.0. |
| * |
| * SPDX-License-Identifier: EPL-2.0 |
| ******************************************************************************* |
| */ |
| package org.eclipse.openk.gridfailureinformation.config; |
| |
| import org.eclipse.openk.gridfailureinformation.config.auth.JwtAuthenticationEntryPoint; |
| import org.eclipse.openk.gridfailureinformation.config.auth.JwtAuthenticationTokenFilter; |
| import org.eclipse.openk.gridfailureinformation.config.auth.JwtTokenValidationFilter; |
| import org.springframework.beans.factory.annotation.Autowired; |
| import org.springframework.context.annotation.Configuration; |
| import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; |
| import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
| import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; |
| import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; |
| import org.springframework.security.config.http.SessionCreationPolicy; |
| import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; |
| |
| @Configuration |
| @EnableWebSecurity |
| @EnableGlobalMethodSecurity( |
| prePostEnabled = true, |
| securedEnabled = true, |
| jsr250Enabled = true) |
| public class SecurityConfig extends WebSecurityConfigurerAdapter { |
| |
| @Autowired |
| private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter; |
| |
| @Autowired |
| private JwtTokenValidationFilter jwtTokenValidationFilter; |
| |
| @Autowired |
| private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint; |
| |
| @Override |
| protected void configure(HttpSecurity http ) throws Exception { |
| http |
| .authorizeRequests() |
| .antMatchers("/**").permitAll() |
| .anyRequest().authenticated() |
| .and() |
| .cors() |
| .and() |
| .exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint) |
| .and() |
| .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) |
| .and() |
| .csrf().disable() |
| .logout().disable() |
| .formLogin().disable() |
| .anonymous() |
| .and() |
| .addFilterAfter(jwtTokenValidationFilter, BasicAuthenticationFilter.class) |
| .anonymous() |
| .and() |
| .addFilterAfter(jwtAuthenticationTokenFilter, BasicAuthenticationFilter.class); |
| } |
| |
| |
| } |
| |