Spring Security: Difference between revisions
Jump to navigation
Jump to search
(Created page with "<source lang="properties"> ;oauth access token and refresh token oauth_refresh_token:org.springframework.security.oauth2.provider.token.store.JdbcTokenStore oauth_access_token...") |
No edit summary |
||
| Line 19: | Line 19: | ||
; | ; | ||
;persistent login/remember me | ;persistent login/remember me | ||
persistent_logins: | persistent_logins:org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl | ||
</source> | |||
<source lang="java" highlight="1-7,59-64" line> | |||
@Configuration | |||
@EnableWebSecurity | |||
@Import({WebDatasourceConfig.class}) | |||
@ComponentScan(basePackages = "com.web.web.security") | |||
@EnableConfigurationProperties(SecurityProperties.class) | |||
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) | |||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { | |||
@Autowired | |||
private DataSource dataSource; | |||
@Autowired | |||
private SecurityProperties securityProperties; | |||
@Autowired | |||
private UserDetailsService userDetailsService; | |||
@Autowired | |||
private RestAuthenticationSuccessHandler restAuthenticationSuccessHandler; | |||
@Autowired | |||
private RestAuthenticationFailureHandler restAuthenticationFailureHandler; | |||
@Override | |||
protected void configure(final HttpSecurity http) throws Exception { | |||
http.authorizeRequests() | |||
.antMatchers(securityProperties.getPattern()).permitAll() | |||
.and() | |||
.formLogin() | |||
.loginPage(securityProperties.getLoginPage()) | |||
.successHandler(restAuthenticationSuccessHandler) | |||
.failureHandler(restAuthenticationFailureHandler) | |||
.usernameParameter(securityProperties.getUsernameParameter()) | |||
.passwordParameter(securityProperties.getPasswordParameter()) | |||
.and() | |||
.logout() | |||
.invalidateHttpSession(securityProperties.isInvalidateHttpSession()) | |||
.clearAuthentication(securityProperties.isClearAuthentication()) | |||
.logoutRequestMatcher(new AntPathRequestMatcher(securityProperties.getLogoutRequestMatcher())) | |||
.logoutSuccessUrl(securityProperties.getLogoutSuccessUrl()) | |||
.and() | |||
.sessionManagement() | |||
.invalidSessionUrl(securityProperties.getInvalidSessionUrl()) | |||
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) | |||
.maximumSessions(securityProperties.getMaximumSessions()) | |||
.expiredUrl(securityProperties.getExpiredUrl()).and() | |||
.and() | |||
.rememberMe() | |||
.rememberMeParameter(securityProperties.getRememberMeParameter()) | |||
.rememberMeCookieName(securityProperties.getRememberMeCookieName()) | |||
.tokenValiditySeconds(securityProperties.getTokenValiditySeconds()) | |||
.tokenRepository(persistentTokenRepository()) | |||
.and() | |||
.csrf().disable(); | |||
} | |||
@Autowired | |||
public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception { | |||
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); | |||
} | |||
@Bean | |||
public PersistentTokenRepository persistentTokenRepository() { | |||
final JdbcTokenRepositoryImpl impl = new JdbcTokenRepositoryImpl(); | |||
impl.setDataSource(dataSource); | |||
return impl; | |||
} | |||
@Bean | |||
public BCryptPasswordEncoder passwordEncoder() { | |||
return new BCryptPasswordEncoder(securityProperties.getStrengthPasswordEncoder()); | |||
} | |||
@Bean | |||
public HttpSessionEventPublisher httpSessionEventPublisher() { | |||
return new HttpSessionEventPublisher(); | |||
} | |||
} | |||
</source> | </source> | ||
Revision as of 02:28, 24 November 2019
;oauth access token and refresh token
oauth_refresh_token:org.springframework.security.oauth2.provider.token.store.JdbcTokenStore
oauth_access_token:org.springframework.security.oauth2.provider.token.store.JdbcTokenStore
oauth_approvals:org.springframework.security.oauth2.provider.approval.JdbcApprovalStore
;
;oauth client authentication and authorization
oauth_client_details:org.springframework.security.oauth2.provider.client.JdbcClientDetailsService
oauth_client_token:org.springframework.security.oauth2.client.token.JdbcClientTokenServices
oauth_code:org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices
;domain object security
acl_object_identity:org.springframework.security.acls.jdbc.JdbcMutableAclService
acl_entry:org.springframework.security.acls.jdbc.JdbcMutableAclService
acl_class:org.springframework.security.acls.jdbc.JdbcMutableAclService
acl_sid:org.springframework.security.acls.jdbc.JdbcMutableAclService
;
;persistent login/remember me
persistent_logins:org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
@Configuration
@EnableWebSecurity
@Import({WebDatasourceConfig.class})
@ComponentScan(basePackages = "com.web.web.security")
@EnableConfigurationProperties(SecurityProperties.class)
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
private SecurityProperties securityProperties;
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private RestAuthenticationSuccessHandler restAuthenticationSuccessHandler;
@Autowired
private RestAuthenticationFailureHandler restAuthenticationFailureHandler;
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(securityProperties.getPattern()).permitAll()
.and()
.formLogin()
.loginPage(securityProperties.getLoginPage())
.successHandler(restAuthenticationSuccessHandler)
.failureHandler(restAuthenticationFailureHandler)
.usernameParameter(securityProperties.getUsernameParameter())
.passwordParameter(securityProperties.getPasswordParameter())
.and()
.logout()
.invalidateHttpSession(securityProperties.isInvalidateHttpSession())
.clearAuthentication(securityProperties.isClearAuthentication())
.logoutRequestMatcher(new AntPathRequestMatcher(securityProperties.getLogoutRequestMatcher()))
.logoutSuccessUrl(securityProperties.getLogoutSuccessUrl())
.and()
.sessionManagement()
.invalidSessionUrl(securityProperties.getInvalidSessionUrl())
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.maximumSessions(securityProperties.getMaximumSessions())
.expiredUrl(securityProperties.getExpiredUrl()).and()
.and()
.rememberMe()
.rememberMeParameter(securityProperties.getRememberMeParameter())
.rememberMeCookieName(securityProperties.getRememberMeCookieName())
.tokenValiditySeconds(securityProperties.getTokenValiditySeconds())
.tokenRepository(persistentTokenRepository())
.and()
.csrf().disable();
}
@Autowired
public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PersistentTokenRepository persistentTokenRepository() {
final JdbcTokenRepositoryImpl impl = new JdbcTokenRepositoryImpl();
impl.setDataSource(dataSource);
return impl;
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(securityProperties.getStrengthPasswordEncoder());
}
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
}