Merge pull request #417 from kohanyirobert/channel-security
Channel security
This commit is contained in:
commit
06adf29a93
|
@ -0,0 +1,69 @@
|
|||
package org.baeldung.spring;
|
||||
|
||||
import org.baeldung.security.CustomLogoutSuccessHandler;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
||||
|
||||
@Configuration
|
||||
// @ImportResource({ "classpath:channelWebSecurityConfig.xml" })
|
||||
@EnableWebSecurity
|
||||
@Profile("https")
|
||||
public class ChannelSecSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
public ChannelSecSecurityConfig() {
|
||||
super();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
|
||||
// @formatter:off
|
||||
auth.inMemoryAuthentication()
|
||||
.withUser("user1").password("user1Pass").roles("USER")
|
||||
.and()
|
||||
.withUser("user2").password("user2Pass").roles("USER");
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(final HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http
|
||||
.csrf().disable()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/anonymous*").anonymous()
|
||||
.antMatchers("/login*").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.requiresChannel()
|
||||
.antMatchers("/login*", "/perform_login").requiresSecure()
|
||||
.anyRequest().requiresInsecure()
|
||||
.and()
|
||||
.sessionManagement()
|
||||
.sessionFixation()
|
||||
.none()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login.html")
|
||||
.loginProcessingUrl("/perform_login")
|
||||
.defaultSuccessUrl("/homepage.html",true)
|
||||
.failureUrl("/login.html?error=true")
|
||||
.and()
|
||||
.logout()
|
||||
.logoutUrl("/perform_logout")
|
||||
.deleteCookies("JSESSIONID")
|
||||
.logoutSuccessHandler(logoutSuccessHandler());
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Bean
|
||||
public LogoutSuccessHandler logoutSuccessHandler() {
|
||||
return new CustomLogoutSuccessHandler();
|
||||
}
|
||||
|
||||
}
|
|
@ -3,6 +3,7 @@ package org.baeldung.spring;
|
|||
import org.baeldung.security.CustomLogoutSuccessHandler;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
|
@ -12,6 +13,7 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessHandl
|
|||
@Configuration
|
||||
// @ImportResource({ "classpath:webSecurityConfig.xml" })
|
||||
@EnableWebSecurity
|
||||
@Profile("!https")
|
||||
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
public SecSecurityConfig() {
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security-4.0.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd"
|
||||
>
|
||||
|
||||
<http use-expressions="true">
|
||||
<intercept-url pattern="/anonymous*" access="isAnonymous()"/>
|
||||
<intercept-url pattern="/login*" access="permitAll" requires-channel="https"/>
|
||||
<intercept-url pattern="/perform_login" requires-channel="https"/>
|
||||
<intercept-url pattern="/**" access="isAuthenticated()" requires-channel="http"/>
|
||||
|
||||
<csrf disabled="true"/>
|
||||
|
||||
<form-login login-page='/login.html' login-processing-url="/perform_login" default-target-url="/homepage.html" authentication-failure-url="/login.html?error=true"
|
||||
always-use-default-target="true"/>
|
||||
|
||||
<logout logout-url="/perform_logout" delete-cookies="JSESSIONID" success-handler-ref="customLogoutSuccessHandler"/>
|
||||
|
||||
<session-management session-fixation-protection="none"/>
|
||||
</http>
|
||||
|
||||
<beans:bean name="customLogoutSuccessHandler" class="org.baeldung.security.CustomLogoutSuccessHandler"/>
|
||||
|
||||
<authentication-manager>
|
||||
<authentication-provider>
|
||||
<user-service>
|
||||
<user name="user1" password="user1Pass" authorities="ROLE_USER"/>
|
||||
<user name="user2" password="user2Pass" authorities="ROLE_USER"/>
|
||||
</user-service>
|
||||
</authentication-provider>
|
||||
</authentication-manager>
|
||||
|
||||
</beans:beans>
|
|
@ -18,7 +18,6 @@
|
|||
always-use-default-target="true"/>
|
||||
|
||||
<logout logout-url="/perform_logout" delete-cookies="JSESSIONID" success-handler-ref="customLogoutSuccessHandler"/>
|
||||
|
||||
</http>
|
||||
|
||||
<beans:bean name="customLogoutSuccessHandler" class="org.baeldung.security.CustomLogoutSuccessHandler"/>
|
||||
|
|
Loading…
Reference in New Issue