Merge pull request #417 from kohanyirobert/channel-security
Channel security
This commit is contained in:
slavisa-baeldung
commit
06adf29a93
|
|
@ -0,0 +1,69 @@
|
||||||
|
package org.baeldung.spring;
|
||||||
|
|
||||||
|
import org.baeldung.security.CustomLogoutSuccessHandler;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.context.annotation.Profile;
|
||||||
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
|
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
// @ImportResource({ "classpath:channelWebSecurityConfig.xml" })
|
||||||
|
@EnableWebSecurity
|
||||||
|
@Profile("https")
|
||||||
|
public class ChannelSecSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
|
public ChannelSecSecurityConfig() {
|
||||||
|
super();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
|
||||||
|
// @formatter:off
|
||||||
|
auth.inMemoryAuthentication()
|
||||||
|
.withUser("user1").password("user1Pass").roles("USER")
|
||||||
|
.and()
|
||||||
|
.withUser("user2").password("user2Pass").roles("USER");
|
||||||
|
// @formatter:on
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure(final HttpSecurity http) throws Exception {
|
||||||
|
// @formatter:off
|
||||||
|
http
|
||||||
|
.csrf().disable()
|
||||||
|
.authorizeRequests()
|
||||||
|
.antMatchers("/anonymous*").anonymous()
|
||||||
|
.antMatchers("/login*").permitAll()
|
||||||
|
.anyRequest().authenticated()
|
||||||
|
.and()
|
||||||
|
.requiresChannel()
|
||||||
|
.antMatchers("/login*", "/perform_login").requiresSecure()
|
||||||
|
.anyRequest().requiresInsecure()
|
||||||
|
.and()
|
||||||
|
.sessionManagement()
|
||||||
|
.sessionFixation()
|
||||||
|
.none()
|
||||||
|
.and()
|
||||||
|
.formLogin()
|
||||||
|
.loginPage("/login.html")
|
||||||
|
.loginProcessingUrl("/perform_login")
|
||||||
|
.defaultSuccessUrl("/homepage.html",true)
|
||||||
|
.failureUrl("/login.html?error=true")
|
||||||
|
.and()
|
||||||
|
.logout()
|
||||||
|
.logoutUrl("/perform_logout")
|
||||||
|
.deleteCookies("JSESSIONID")
|
||||||
|
.logoutSuccessHandler(logoutSuccessHandler());
|
||||||
|
// @formatter:on
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public LogoutSuccessHandler logoutSuccessHandler() {
|
||||||
|
return new CustomLogoutSuccessHandler();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -3,6 +3,7 @@ package org.baeldung.spring;
|
||||||
import org.baeldung.security.CustomLogoutSuccessHandler;
|
import org.baeldung.security.CustomLogoutSuccessHandler;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.context.annotation.Profile;
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
|
@ -12,6 +13,7 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessHandl
|
||||||
@Configuration
|
@Configuration
|
||||||
// @ImportResource({ "classpath:webSecurityConfig.xml" })
|
// @ImportResource({ "classpath:webSecurityConfig.xml" })
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
|
@Profile("!https")
|
||||||
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
|
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
public SecSecurityConfig() {
|
public SecSecurityConfig() {
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,37 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
|
||||||
|
xsi:schemaLocation="
|
||||||
|
http://www.springframework.org/schema/security
|
||||||
|
http://www.springframework.org/schema/security/spring-security-4.0.xsd
|
||||||
|
http://www.springframework.org/schema/beans
|
||||||
|
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd"
|
||||||
|
>
|
||||||
|
|
||||||
|
<http use-expressions="true">
|
||||||
|
<intercept-url pattern="/anonymous*" access="isAnonymous()"/>
|
||||||
|
<intercept-url pattern="/login*" access="permitAll" requires-channel="https"/>
|
||||||
|
<intercept-url pattern="/perform_login" requires-channel="https"/>
|
||||||
|
<intercept-url pattern="/**" access="isAuthenticated()" requires-channel="http"/>
|
||||||
|
|
||||||
|
<csrf disabled="true"/>
|
||||||
|
|
||||||
|
<form-login login-page='/login.html' login-processing-url="/perform_login" default-target-url="/homepage.html" authentication-failure-url="/login.html?error=true"
|
||||||
|
always-use-default-target="true"/>
|
||||||
|
|
||||||
|
<logout logout-url="/perform_logout" delete-cookies="JSESSIONID" success-handler-ref="customLogoutSuccessHandler"/>
|
||||||
|
|
||||||
|
<session-management session-fixation-protection="none"/>
|
||||||
|
</http>
|
||||||
|
|
||||||
|
<beans:bean name="customLogoutSuccessHandler" class="org.baeldung.security.CustomLogoutSuccessHandler"/>
|
||||||
|
|
||||||
|
<authentication-manager>
|
||||||
|
<authentication-provider>
|
||||||
|
<user-service>
|
||||||
|
<user name="user1" password="user1Pass" authorities="ROLE_USER"/>
|
||||||
|
<user name="user2" password="user2Pass" authorities="ROLE_USER"/>
|
||||||
|
</user-service>
|
||||||
|
</authentication-provider>
|
||||||
|
</authentication-manager>
|
||||||
|
|
||||||
|
</beans:beans>
|
||||||
|
|
@ -18,7 +18,6 @@
|
||||||
always-use-default-target="true"/>
|
always-use-default-target="true"/>
|
||||||
|
|
||||||
<logout logout-url="/perform_logout" delete-cookies="JSESSIONID" success-handler-ref="customLogoutSuccessHandler"/>
|
<logout logout-url="/perform_logout" delete-cookies="JSESSIONID" success-handler-ref="customLogoutSuccessHandler"/>
|
||||||
|
|
||||||
</http>
|
</http>
|
||||||
|
|
||||||
<beans:bean name="customLogoutSuccessHandler" class="org.baeldung.security.CustomLogoutSuccessHandler"/>
|
<beans:bean name="customLogoutSuccessHandler" class="org.baeldung.security.CustomLogoutSuccessHandler"/>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue