BAEL-7005, Difference Between permitAll() and anonymous() in Spring Security
This commit is contained in:
parent
0507b0417e
commit
5f018b3186
|
@ -24,4 +24,6 @@ public class EcommerceController {
|
||||||
public @ResponseBody String registerUser() {
|
public @ResponseBody String registerUser() {
|
||||||
return "Register User";
|
return "Register User";
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,33 @@
|
||||||
|
package com.baeldung.permitallanonymous.filter;
|
||||||
|
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
import org.springframework.security.authentication.AnonymousAuthenticationToken;
|
||||||
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
|
import org.springframework.security.core.Authentication;
|
||||||
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
import org.springframework.web.filter.OncePerRequestFilter;
|
||||||
|
|
||||||
|
import javax.servlet.FilterChain;
|
||||||
|
import javax.servlet.ServletException;
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
public class AuditInterceptor extends OncePerRequestFilter {
|
||||||
|
private final Logger logger = LoggerFactory.getLogger(AuditInterceptor.class);
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
|
||||||
|
throws ServletException, IOException {
|
||||||
|
|
||||||
|
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
||||||
|
if (authentication instanceof AnonymousAuthenticationToken) {
|
||||||
|
logger.info("Audit anonymous user");
|
||||||
|
}
|
||||||
|
if (authentication instanceof UsernamePasswordAuthenticationToken) {
|
||||||
|
logger.info("Audit registered user");
|
||||||
|
}
|
||||||
|
filterChain.doFilter(request, response);
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,5 +1,6 @@
|
||||||
package com.baeldung.permitallanonymous.security;
|
package com.baeldung.permitallanonymous.security;
|
||||||
|
|
||||||
|
import com.baeldung.permitallanonymous.filter.AuditInterceptor;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
@ -10,6 +11,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
|
@ -23,9 +25,11 @@ public class EcommerceWebSecurityConfig {
|
||||||
|
|
||||||
return new InMemoryUserDetailsManager(user);
|
return new InMemoryUserDetailsManager(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
http.authorizeRequests()
|
http.addFilterAfter(new AuditInterceptor(), AnonymousAuthenticationFilter.class)
|
||||||
|
.authorizeRequests()
|
||||||
.antMatchers("/private/**").authenticated().and().httpBasic()
|
.antMatchers("/private/**").authenticated().and().httpBasic()
|
||||||
.and().authorizeRequests()
|
.and().authorizeRequests()
|
||||||
.antMatchers("/public/showProducts").permitAll()
|
.antMatchers("/public/showProducts").permitAll()
|
||||||
|
@ -38,4 +42,5 @@ public class EcommerceWebSecurityConfig {
|
||||||
public BCryptPasswordEncoder passwordEncoder() {
|
public BCryptPasswordEncoder passwordEncoder() {
|
||||||
return new BCryptPasswordEncoder();
|
return new BCryptPasswordEncoder();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
Loading…
Reference in New Issue