Package org.ligoj.boot.web
Class SecurityConfiguration
- java.lang.Object
-
- org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-
- org.ligoj.boot.web.SecurityConfiguration
-
- All Implemented Interfaces:
org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>,org.springframework.security.config.annotation.web.WebSecurityConfigurer<org.springframework.security.config.annotation.web.builders.WebSecurity>
@Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(jsr250Enabled=true, securedEnabled=true, prePostEnabled=true) @Profile("prod") public class SecurityConfiguration extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapterSpring Boot security configuration.
-
-
Field Summary
Fields Modifier and Type Field Description protected String[]securityPreAuthCookiesprotected StringsecurityPreAuthCredentialsprotected StringsecurityPreAuthLogoutprotected StringsecurityPreAuthPrincipal
-
Constructor Summary
Constructors Constructor Description SecurityConfiguration()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description org.ligoj.bootstrap.http.security.RedirectAuthenticationEntryPointajaxFormLoginEntryPoint()A 403 JSON management.org.springframework.security.web.firewall.HttpFirewallallowUrlEncodedSlashHttpFirewall()AbstractAuthenticationProviderauthenticationProvider()Pre-Authentication provider.org.springframework.security.web.session.ConcurrentSessionFilterconcurrentSessionFilter()protected voidconfigure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)voidconfigure(org.springframework.security.config.annotation.web.builders.WebSecurity web)voidconfigureGlobal(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)ConfigureAuthenticationProviderDigestAuthenticationFilterdigestAuthenticationFilter()org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandlergetFailureHandler()org.ligoj.bootstrap.http.security.RestRedirectStrategygetRestFailureStrategy()org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandlergetSuccessHandler()org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategysessionAuth()Maximum ONE concurrent session.org.springframework.security.core.session.SessionRegistrysessionRegistry()SimpleUserDetailsServiceuserDetailsServiceBean()-
Methods inherited from class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
authenticationManager, authenticationManagerBean, configure, getApplicationContext, getHttp, init, setApplicationContext, setAuthenticationConfiguration, setContentNegotationStrategy, setObjectPostProcessor, setTrustResolver, userDetailsService
-
-
-
-
Field Detail
-
securityPreAuthPrincipal
@Value("${security.pre-auth-principal:}") protected String securityPreAuthPrincipal
-
securityPreAuthLogout
@Value("${security.pre-auth-logout:}") protected String securityPreAuthLogout
-
securityPreAuthCredentials
@Value("${security.pre-auth-credentials:}") protected String securityPreAuthCredentials
-
securityPreAuthCookies
@Value("${security.pre-auth-cookies:}") protected String[] securityPreAuthCookies
-
-
Method Detail
-
ajaxFormLoginEntryPoint
@Bean public org.ligoj.bootstrap.http.security.RedirectAuthenticationEntryPoint ajaxFormLoginEntryPoint()
A 403 JSON management.- Returns:
- A 403 JSON management.
-
allowUrlEncodedSlashHttpFirewall
@Bean public org.springframework.security.web.firewall.HttpFirewall allowUrlEncodedSlashHttpFirewall()
-
authenticationProvider
@Bean public AbstractAuthenticationProvider authenticationProvider() throws ReflectiveOperationException
Pre-Authentication provider.- Returns:
- Pre-Authentication provider.
- Throws:
ReflectiveOperationException- Unable to build the authentication provider
-
concurrentSessionFilter
@Bean public org.springframework.security.web.session.ConcurrentSessionFilter concurrentSessionFilter()
-
configure
protected void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception- Overrides:
configurein classorg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter- Throws:
Exception
-
configure
public void configure(org.springframework.security.config.annotation.web.builders.WebSecurity web)
- Specified by:
configurein interfaceorg.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>- Overrides:
configurein classorg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-
configureGlobal
@Autowired public void configureGlobal(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth) throws ReflectiveOperationExceptionConfigureAuthenticationProvider- Parameters:
auth- The builder.- Throws:
ReflectiveOperationException- Unable to build the authentication provider
-
digestAuthenticationFilter
@Bean public DigestAuthenticationFilter digestAuthenticationFilter()
-
getFailureHandler
@Bean public org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler getFailureHandler()
-
getRestFailureStrategy
@Bean public org.ligoj.bootstrap.http.security.RestRedirectStrategy getRestFailureStrategy()
-
getSuccessHandler
@Bean public org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler getSuccessHandler()
-
sessionAuth
@Bean public org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy sessionAuth()
Maximum ONE concurrent session. Previous user is logged out.- Returns:
- Concurrency configuration.
-
sessionRegistry
@Bean public org.springframework.security.core.session.SessionRegistry sessionRegistry()
-
userDetailsServiceBean
@Bean public SimpleUserDetailsService userDetailsServiceBean()
- Overrides:
userDetailsServiceBeanin classorg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-
-