End security setup.
@@ -15,7 +15,7 @@ import java.util.List;
|
|||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import static org.springframework.http.HttpHeaders.AUTHORIZATION;
|
import static org.springframework.http.HttpHeaders.AUTHORIZATION;
|
||||||
import static org.takiguchi.tamotsu.client.constant.Constant.AUTHORITIES_KEY;
|
import static org.takiguchi.starter.config.security.TokenProvider.AUTHORITIES_KEY;
|
||||||
|
|
||||||
public class JwtRequestFilter extends OncePerRequestFilter {
|
public class JwtRequestFilter extends OncePerRequestFilter {
|
||||||
private static final String TOKEN_PREFIX = "Bearer ";
|
private static final String TOKEN_PREFIX = "Bearer ";
|
||||||
@@ -34,7 +34,7 @@ public class JwtRequestFilter extends OncePerRequestFilter {
|
|||||||
if (SecurityContextHolder.getContext().getAuthentication() == null) {
|
if (SecurityContextHolder.getContext().getAuthentication() == null) {
|
||||||
String username = null;
|
String username = null;
|
||||||
try {
|
try {
|
||||||
username = tokenProvider.getUsernameFromToken(token);
|
username = tokenProvider.getUserEmailFromToken(token);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
// Do nothing
|
// Do nothing
|
||||||
}
|
}
|
||||||
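Review bot: The `} catch (Exception e) {` / `// Do nothing` pair on the new side still discards every token failure, so a bad signature, an expired token and a malformed header all look identical to "no token" and leave no trace for detection. Keeping the fail-closed behaviour (`username` stays null and the request continues unauthenticated) is right, but narrow the catch to the token library's own exception type and log the exception class at debug level, e.g. replace `// Do nothing` with `// invalid or expired bearer token: stay unauthenticated; log the exception class only, never the token`. The renamed call `getUserEmailFromToken` also leaves the local still named `username`; renaming it to match what it now holds avoids misreading downstream. The enclosing filter method starts and ends outside this hunk.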
|
|||||||
@@ -11,13 +11,22 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
|
|||||||
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
import static org.springframework.http.HttpMethod.GET;
|
|
||||||
import static org.springframework.http.HttpMethod.OPTIONS;
|
import static org.springframework.http.HttpMethod.OPTIONS;
|
||||||
import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
|
import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
|
||||||
|
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
@Configuration
|
@Configuration
|
||||||
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
|
private final String signingKey;
|
||||||
|
private final int accessTokenValiditySeconds;
|
||||||
|
|
||||||
|
public SecurityConfiguration(@Value("${app.security.signing-key}") String signingKey,
|
||||||
|
@Value("${app.security.access-token-validity-seconds}") int accessTokenValiditySeconds) {
|
||||||
|
this.signingKey = signingKey;
|
||||||
|
this.accessTokenValiditySeconds = accessTokenValiditySeconds;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
http.cors().disable()
|
http.cors().disable()
|
||||||
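Review bot: The new constructor at `public SecurityConfiguration(@Value("${app.security.signing-key}") String signingKey, ...` binds the same two properties that the `tokenProvider` bean method in the `@@ -46,6 +55,7 @@` hunk already binds, and `configure` then forwards them through a direct `tokenProvider(signingKey, accessTokenValiditySeconds)` call in the following hunk. In a proxied `@Configuration` class that call is expected to hand back the container's singleton whatever arguments are passed, so the constructor's copy of the signing key appears to exist only to satisfy the call signature. Consider letting the container supply the bean instead, e.g. an `@Autowired private TokenProvider tokenProvider;` field used by `configure`, so the signing key is read in exactly one place and the constructor can be dropped; the `jwtRequestFilter(TokenProvider tokenProvider)` signature in the `@@ -53,7 +63,7 @@` hunk already fits that shape. The `configure` method body continues past this hunk.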
@@ -25,13 +34,13 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
.authenticationEntryPoint((request, response, authResponse) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
|
.authenticationEntryPoint((request, response, authResponse) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
|
||||||
.accessDeniedHandler((request, response, accessDeniedException) -> response.sendError(HttpServletResponse.SC_FORBIDDEN))
|
.accessDeniedHandler((request, response, accessDeniedException) -> response.sendError(HttpServletResponse.SC_FORBIDDEN))
|
||||||
.and()
|
.and()
|
||||||
.addFilterBefore(jwtRequestFilter(), UsernamePasswordAuthenticationFilter.class)
|
.addFilterBefore(jwtRequestFilter(tokenProvider(signingKey, accessTokenValiditySeconds)), UsernamePasswordAuthenticationFilter.class)
|
||||||
.sessionManagement().sessionCreationPolicy(STATELESS)
|
.sessionManagement().sessionCreationPolicy(STATELESS)
|
||||||
.and()
|
.and()
|
||||||
.requiresChannel()
|
// .requiresChannel()
|
||||||
.anyRequest()
|
// .anyRequest()
|
||||||
.requiresSecure()
|
// .requiresSecure()
|
||||||
.and()
|
// .and()
|
||||||
.csrf().disable()
|
.csrf().disable()
|
||||||
.authorizeRequests()
|
.authorizeRequests()
|
||||||
.antMatchers(
|
.antMatchers(
|
||||||
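Review bot: Commenting out `.requiresChannel()` / `.anyRequest()` / `.requiresSecure()` removes the only HTTPS enforcement in this chain, so a request can present the `Bearer` token from the Authorization header over cleartext and still be accepted. If this was done to unblock local development, make it a profile- or property-driven switch (TLS termination at a reverse proxy is also fine, but then record in a comment where it happens) rather than leaving the decision implicit; otherwise restore the three lines `.requiresChannel().anyRequest().requiresSecure()` ahead of `.and()`. Either way the commented-out lines should be deleted, not kept as dead code. The `configure` method starts and ends outside this hunk.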
@@ -46,6 +55,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
public BCryptPasswordEncoder passwordEncoder() {
|
public BCryptPasswordEncoder passwordEncoder() {
|
||||||
return new BCryptPasswordEncoder();
|
return new BCryptPasswordEncoder();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public TokenProvider tokenProvider(@Value("${app.security.signing-key}") String signingKey,
|
public TokenProvider tokenProvider(@Value("${app.security.signing-key}") String signingKey,
|
||||||
@Value("${app.security.access-token-validity-seconds}") int accessTokenValiditySeconds) {
|
@Value("${app.security.access-token-validity-seconds}") int accessTokenValiditySeconds) {
|
||||||
@@ -53,7 +63,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public JwtRequestFilter jwtRequestFilter() {
|
public JwtRequestFilter jwtRequestFilter(TokenProvider tokenProvider) {
|
||||||
return new JwtRequestFilter(tokenProvider());
|
return new JwtRequestFilter(tokenProvider);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ import java.util.function.Function;
|
|||||||
|
|
||||||
public class TokenProvider {
|
public class TokenProvider {
|
||||||
|
|
||||||
private static final String AUTHORITIES_KEY = "scopes";
|
public static final String AUTHORITIES_KEY = "scopes";
|
||||||
private final String signingKey;
|
private final String signingKey;
|
||||||
private final int accessTokenValiditySeconds;
|
private final int accessTokenValiditySeconds;
|
||||||
|
|
||||||
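Review bot: `public static final String AUTHORITIES_KEY = "scopes";` turns a claim name into part of TokenProvider's public API (the first hunk shows JwtRequestFilter now importing it) but adds no documentation. A one-line Javadoc such as `/** Name of the JWT claim that carries the granted authorities; shared with JwtRequestFilter. */` tells the next reader that renaming the constant's value changes the token format on the wire and must be coordinated with every consumer of the claim.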
|
|||||||