Package org.ligoj.boot.web

Class SecurityConfiguration

java.lang.Object
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
org.ligoj.boot.web.SecurityConfiguration
All Implemented Interfaces:
org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,​org.springframework.security.config.annotation.web.builders.WebSecurity>, org.springframework.security.config.annotation.web.WebSecurityConfigurer<org.springframework.security.config.annotation.web.builders.WebSecurity>
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled=true,
                            securedEnabled=true,
                            prePostEnabled=true)
@Profile("prod")
public class SecurityConfiguration
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
Spring Boot security configuration.

  • Field Summary

    Fields 
    Modifier and Type Field Description
    protected java.lang.String[] securityPreAuthCookies  
    protected java.lang.String securityPreAuthCredentials  
    protected java.lang.String securityPreAuthLogout  
    protected java.lang.String securityPreAuthPrincipal  

  • Constructor Summary

    Constructors 
    Constructor Description
    SecurityConfiguration()  

  • Method Summary

    Modifier and Type Method Description
    org.ligoj.bootstrap.http.security.RedirectAuthenticationEntryPoint ajaxFormLoginEntryPoint()
    A 403 JSON management.
    org.springframework.security.web.firewall.HttpFirewall allowUrlEncodedSlashHttpFirewall()  
    AbstractAuthenticationProvider authenticationProvider()
    Pre-Authentication provider.
    org.springframework.security.web.session.ConcurrentSessionFilter concurrentSessionFilter()  
    protected void configure​(org.springframework.security.config.annotation.web.builders.HttpSecurity http)  
    void configure​(org.springframework.security.config.annotation.web.builders.WebSecurity web)  
    void configureGlobal​(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)
    Configure AuthenticationProvider
    DigestAuthenticationFilter digestAuthenticationFilter()  
    org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler getFailureHandler()  
    org.ligoj.bootstrap.http.security.RestRedirectStrategy getRestFailureStrategy()  
    org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler getSuccessHandler()  
    org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy sessionAuth()
    Maximum ONE concurrent session.
    org.springframework.security.core.session.SessionRegistry sessionRegistry()  
    SimpleUserDetailsService userDetailsServiceBean()  

    Methods inherited from class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

    authenticationManager, authenticationManagerBean, configure, getApplicationContext, getHttp, init, setApplicationContext, setAuthenticationConfiguration, setContentNegotationStrategy, setObjectPostProcessor, setTrustResolver, userDetailsService

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • securityPreAuthPrincipal

      @Value("${security.pre-auth-principal:}") protected java.lang.String securityPreAuthPrincipal

    • securityPreAuthLogout

      @Value("${security.pre-auth-logout:}") protected java.lang.String securityPreAuthLogout

    • securityPreAuthCredentials

      @Value("${security.pre-auth-credentials:}") protected java.lang.String securityPreAuthCredentials

    • securityPreAuthCookies

      @Value("${security.pre-auth-cookies:}") protected java.lang.String[] securityPreAuthCookies

  • Constructor Details

  • Method Details

    • ajaxFormLoginEntryPoint

      @Bean public org.ligoj.bootstrap.http.security.RedirectAuthenticationEntryPoint ajaxFormLoginEntryPoint()
      A 403 JSON management.
      Returns:
      A 403 JSON management.

    • allowUrlEncodedSlashHttpFirewall

      @Bean public org.springframework.security.web.firewall.HttpFirewall allowUrlEncodedSlashHttpFirewall()

    • authenticationProvider

      @Bean public AbstractAuthenticationProvider authenticationProvider() throws java.lang.ReflectiveOperationException
      Pre-Authentication provider.
      Returns:
      Pre-Authentication provider.
      Throws:
      java.lang.ReflectiveOperationException - Unable to build the authentication provider

    • concurrentSessionFilter

      @Bean public org.springframework.security.web.session.ConcurrentSessionFilter concurrentSessionFilter()

    • configure

      protected void configure​(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws java.lang.Exception
      Overrides:
      configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
      Throws:
      java.lang.Exception

    • configure

      public void configure​(org.springframework.security.config.annotation.web.builders.WebSecurity web)
      Specified by:
      configure in interface org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,​org.springframework.security.config.annotation.web.builders.WebSecurity>
      Overrides:
      configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

    • configureGlobal

      @Autowired public void configureGlobal​(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth) throws java.lang.ReflectiveOperationException
      Configure AuthenticationProvider
      Parameters:
      auth - The builder.
      Throws:
      java.lang.ReflectiveOperationException - Unable to build the authentication provider

    • digestAuthenticationFilter

      @Bean public DigestAuthenticationFilter digestAuthenticationFilter()

    • getFailureHandler

      @Bean public org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler getFailureHandler()

    • getRestFailureStrategy

      @Bean public org.ligoj.bootstrap.http.security.RestRedirectStrategy getRestFailureStrategy()

    • getSuccessHandler

      @Bean public org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler getSuccessHandler()

    • sessionAuth

      @Bean public org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy sessionAuth()
      Maximum ONE concurrent session. Previous user is logged out.
      Returns:
      Concurrency configuration.

    • sessionRegistry

      @Bean public org.springframework.security.core.session.SessionRegistry sessionRegistry()

    • userDetailsServiceBean

      @Bean public SimpleUserDetailsService userDetailsServiceBean()
      Overrides:
      userDetailsServiceBean in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter