Package org.ligoj.boot.web
Class SecurityConfiguration
java.lang.Object
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
org.ligoj.boot.web.SecurityConfiguration
- All Implemented Interfaces:
org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>,org.springframework.security.config.annotation.web.WebSecurityConfigurer<org.springframework.security.config.annotation.web.builders.WebSecurity>
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled=true,
securedEnabled=true,
prePostEnabled=true)
@Profile("prod")
public class SecurityConfiguration
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
Spring Boot security configuration.
-
Field Summary
Fields Modifier and Type Field Description protected java.lang.String[]securityPreAuthCookiesprotected java.lang.StringsecurityPreAuthCredentialsprotected java.lang.StringsecurityPreAuthLogoutprotected java.lang.StringsecurityPreAuthPrincipal -
Constructor Summary
Constructors Constructor Description SecurityConfiguration() -
Method Summary
Modifier and Type Method Description org.ligoj.bootstrap.http.security.RedirectAuthenticationEntryPointajaxFormLoginEntryPoint()A 403 JSON management.org.springframework.security.web.firewall.HttpFirewallallowUrlEncodedSlashHttpFirewall()Configure firewall.AbstractAuthenticationProviderauthenticationProvider()Pre-Authentication provider.org.springframework.security.web.session.ConcurrentSessionFilterconcurrentSessionFilter()Configure session management filter.protected voidconfigure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)voidconfigure(org.springframework.security.config.annotation.web.builders.WebSecurity web)voidconfigureGlobal(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)ConfigureAuthenticationProviderDigestAuthenticationFilterdigestAuthenticationFilter()Configure digest based authentication.org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandlergetFailureHandler()Configure failure URL.org.ligoj.bootstrap.http.security.RestRedirectStrategygetRestFailureStrategy()Configure REST failure URL.org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandlergetSuccessHandler()Configure success URL.org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategysessionAuth()Maximum ONE concurrent session.org.springframework.security.core.session.SessionRegistrysessionRegistry()Configure session registry.SimpleUserDetailsServiceuserDetailsServiceBean()Methods inherited from class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
authenticationManager, authenticationManagerBean, configure, getApplicationContext, getHttp, init, setApplicationContext, setAuthenticationConfiguration, setContentNegotationStrategy, setObjectPostProcessor, setTrustResolver, userDetailsServiceMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Field Details
-
securityPreAuthPrincipal
@Value("${security.pre-auth-principal:}") protected java.lang.String securityPreAuthPrincipal -
securityPreAuthLogout
@Value("${security.pre-auth-logout:}") protected java.lang.String securityPreAuthLogout -
securityPreAuthCredentials
@Value("${security.pre-auth-credentials:}") protected java.lang.String securityPreAuthCredentials -
securityPreAuthCookies
@Value("${security.pre-auth-cookies:}") protected java.lang.String[] securityPreAuthCookies
-
-
Constructor Details
-
SecurityConfiguration
public SecurityConfiguration()
-
-
Method Details
-
ajaxFormLoginEntryPoint
@Bean public org.ligoj.bootstrap.http.security.RedirectAuthenticationEntryPoint ajaxFormLoginEntryPoint()A 403 JSON management.- Returns:
- A 403 JSON management.
-
allowUrlEncodedSlashHttpFirewall
@Bean public org.springframework.security.web.firewall.HttpFirewall allowUrlEncodedSlashHttpFirewall()Configure firewall.- Returns:
- firewall configuration.
-
authenticationProvider
@Bean public AbstractAuthenticationProvider authenticationProvider() throws java.lang.ReflectiveOperationExceptionPre-Authentication provider.- Returns:
- Pre-Authentication provider.
- Throws:
java.lang.ReflectiveOperationException- Unable to build the authentication provider
-
concurrentSessionFilter
@Bean public org.springframework.security.web.session.ConcurrentSessionFilter concurrentSessionFilter()Configure session management filter.- Returns:
- session management configuration.
-
configure
protected void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws java.lang.Exception- Overrides:
configurein classorg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter- Throws:
java.lang.Exception
-
configure
public void configure(org.springframework.security.config.annotation.web.builders.WebSecurity web)- Specified by:
configurein interfaceorg.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>- Overrides:
configurein classorg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-
configureGlobal
@Autowired public void configureGlobal(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth) throws java.lang.ReflectiveOperationExceptionConfigureAuthenticationProvider- Parameters:
auth- The builder.- Throws:
java.lang.ReflectiveOperationException- Unable to build the authentication provider
-
digestAuthenticationFilter
Configure digest based authentication.- Returns:
- digest based authentication configuration.
-
getFailureHandler
@Bean public org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler getFailureHandler()Configure failure URL.- Returns:
- authentication failure configuration.
-
getRestFailureStrategy
@Bean public org.ligoj.bootstrap.http.security.RestRedirectStrategy getRestFailureStrategy()Configure REST failure URL.- Returns:
- REST failure configuration.
-
getSuccessHandler
@Bean public org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler getSuccessHandler()Configure success URL.- Returns:
- authentication success configuration.
-
sessionAuth
@Bean public org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy sessionAuth()Maximum ONE concurrent session. Previous user is logged out.- Returns:
- Concurrency configuration.
-
sessionRegistry
@Bean public org.springframework.security.core.session.SessionRegistry sessionRegistry()Configure session registry.- Returns:
- session registry configuration.
-
userDetailsServiceBean
- Overrides:
userDetailsServiceBeanin classorg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-