| /*
 | |
|  * Copyright 2004-present the original author or authors.
 | |
|  *
 | |
|  * Licensed under the Apache License, Version 2.0 (the "License");
 | |
|  * you may not use this file except in compliance with the License.
 | |
|  * You may obtain a copy of the License at
 | |
|  *
 | |
|  *      https://www.apache.org/licenses/LICENSE-2.0
 | |
|  *
 | |
|  * Unless required by applicable law or agreed to in writing, software
 | |
|  * distributed under the License is distributed on an "AS IS" BASIS,
 | |
|  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 | |
|  * See the License for the specific language governing permissions and
 | |
|  * limitations under the License.
 | |
|  */
 | |
| 
 | |
| package org.springframework.security.kerberos.docs;
 | |
| 
 | |
| import org.springframework.beans.factory.annotation.Value;
 | |
| import org.springframework.context.annotation.Bean;
 | |
| import org.springframework.context.annotation.Configuration;
 | |
| import org.springframework.core.io.FileSystemResource;
 | |
| import org.springframework.security.authentication.AuthenticationManager;
 | |
| import org.springframework.security.authentication.ProviderManager;
 | |
| import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 | |
| import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 | |
| import org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider;
 | |
| import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
 | |
| import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient;
 | |
| import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;
 | |
| import org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter;
 | |
| import org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint;
 | |
| import org.springframework.security.web.SecurityFilterChain;
 | |
| import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 | |
| 
 | |
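//tag::snippetA[]
/**
 * Sample web security configuration that authenticates users with Kerberos.
 *
 * <p>Two authentication paths are wired up:
 * <ul>
 * <li>SPNEGO: {@link SpnegoAuthenticationProcessingFilter} hands the ticket to
 * {@link KerberosServiceAuthenticationProvider}, which validates it with the
 * service principal and keytab configured below.</li>
 * <li>Form login at {@code /login}: {@link KerberosAuthenticationProvider} checks the
 * submitted username and password through a {@link SunJaasKerberosClient}.</li>
 * </ul>
 *
 * <p>Only {@code /} and {@code /home} are open; every other request must be authenticated.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

	// Service principal the ticket validator logs in as (property app.service-principal).
	@Value("${app.service-principal}")
	private String servicePrincipal;

	// Filesystem path of the keytab (property app.keytab-location). The keytab carries the
	// service's long-term key: keep it readable only by the application account and out of
	// version control and container images.
	@Value("${app.keytab-location}")
	private String keytabLocation;

	/**
	 * Builds the filter chain: public landing pages, authentication required elsewhere,
	 * SPNEGO challenge as the entry point, and a form login for the password path.
	 * @param http the {@link HttpSecurity} builder supplied by Spring Security
	 * @return the configured {@link SecurityFilterChain}
	 * @throws Exception if the chain cannot be built
	 */
	@Bean
	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
		KerberosAuthenticationProvider kerberosAuthenticationProvider = kerberosAuthenticationProvider();
		KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider = kerberosServiceAuthenticationProvider();
		// The SPNEGO filter gets its own manager holding exactly the two Kerberos providers.
		ProviderManager providerManager = new ProviderManager(kerberosAuthenticationProvider,
				kerberosServiceAuthenticationProvider);

		// Lambda DSL throughout, matching authorizeHttpRequests; the chained and() style is deprecated.
		http
			.authorizeHttpRequests((authz) -> authz
				.requestMatchers("/", "/home").permitAll()
				.anyRequest().authenticated()
			)
			.exceptionHandling((exceptions) -> exceptions
				.authenticationEntryPoint(spnegoEntryPoint())
			)
			// The form login posts a Kerberos password to the application, so the
			// login page and its POST target should only be reachable over TLS.
			.formLogin((form) -> form
				.loginPage("/login").permitAll()
			)
			.logout((logout) -> logout
				.permitAll()
			)
			// Reuse the instances created above instead of calling the bean methods again.
			.authenticationProvider(kerberosAuthenticationProvider)
			.authenticationProvider(kerberosServiceAuthenticationProvider)
			.addFilterBefore(spnegoAuthenticationProcessingFilter(providerManager),
					BasicAuthenticationFilter.class);
		return http.build();
	}

	/**
	 * Creates the provider used for username/password authentication.
	 * @return a provider backed by a {@link SunJaasKerberosClient}
	 */
	@Bean
	public KerberosAuthenticationProvider kerberosAuthenticationProvider() {
		KerberosAuthenticationProvider provider = new KerberosAuthenticationProvider();
		SunJaasKerberosClient client = new SunJaasKerberosClient();
		// Debug output is on for this sample. Kerberos debug traces can include principal
		// names and ticket details, so turn this off (or bind it to a property) once
		// troubleshooting is done.
		client.setDebug(true);
		provider.setKerberosClient(client);
		provider.setUserDetailsService(dummyUserDetailsService());
		return provider;
	}

	/**
	 * Creates the entry point used when an unauthenticated request hits a protected URL.
	 * @return a {@link SpnegoEntryPoint} constructed with {@code /login} as its forward URL
	 */
	@Bean
	public SpnegoEntryPoint spnegoEntryPoint() {
		return new SpnegoEntryPoint("/login");
	}

	/**
	 * Creates the filter that processes SPNEGO authentication for incoming requests.
	 *
	 * <p>This method carries no {@code @Bean} annotation in the sample, so a new filter is
	 * built on each call and is only registered through {@code addFilterBefore}.
	 * @param authenticationManager the manager the filter delegates authentication to
	 * @return the configured filter
	 */
	public SpnegoAuthenticationProcessingFilter spnegoAuthenticationProcessingFilter(
			AuthenticationManager authenticationManager) {
		SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
		filter.setAuthenticationManager(authenticationManager);
		return filter;
	}

	/**
	 * Creates the provider that authenticates SPNEGO requests by validating the ticket.
	 * @return a provider using {@link #sunJaasKerberosTicketValidator()}
	 */
	@Bean
	public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() {
		KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
		provider.setTicketValidator(sunJaasKerberosTicketValidator());
		provider.setUserDetailsService(dummyUserDetailsService());
		return provider;
	}

	/**
	 * Creates the ticket validator from the configured service principal and keytab.
	 * @return the configured {@link SunJaasKerberosTicketValidator}
	 */
	@Bean
	public SunJaasKerberosTicketValidator sunJaasKerberosTicketValidator() {
		SunJaasKerberosTicketValidator ticketValidator = new SunJaasKerberosTicketValidator();
		ticketValidator.setServicePrincipal(servicePrincipal);
		// The keytab is read from the local filesystem path given by app.keytab-location.
		ticketValidator.setKeyTabLocation(new FileSystemResource(keytabLocation));
		// Same caveat as the client: debug output belongs in troubleshooting sessions only.
		ticketValidator.setDebug(true);
		return ticketValidator;
	}

	/**
	 * Supplies the {@code UserDetailsService} shared by both providers.
	 *
	 * <p>NOTE(review): {@code DummyUserDetailsService} is defined outside this file; going by
	 * its name it is a placeholder. A real deployment needs a service that maps the
	 * authenticated principal to the account's actual authorities; confirm before reuse.
	 * @return a new {@code DummyUserDetailsService}
	 */
	@Bean
	public DummyUserDetailsService dummyUserDetailsService() {
		return new DummyUserDetailsService();
	}
}
//end::snippetA[]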