SecurityConfig.java example

Explorer

Vaadin4Spring-MVP-Sample-SpringSecurity-master
- src
  - main
    - java
      - org
        vaadin
        spring
        sample
        security
        Application.java
        CustomVaadinServlet.java
        SecurityConfig.java
        account
        Account.java
        AccountRepository.java
        JdbcAccountRepository.java
        JdbcUserDetailsService.java
        UsernameAlreadyInUseException.java
        service
        DummyService.java
        DummyServiceImpl.java
        ui
        MainLayout.java
        MainUI.java
        UserSignedInEvent.java
        UserSignedOutEvent.java
        ViewToken.java
        admin
        AdminPresenter.java
        AdminViewImpl.java
        HiddenAdminPresenter.java
        HiddenAdminViewImpl.java
        home
        HomePresenter.java
        HomePresenterHandlers.java
        HomeViewImpl.java
        navigation
        VaadinRedirectObject.java
        security
        AccessDeniedEvent.java
        HttpRequestResponseService.java
        HttpResponseFactory.java
        HttpResponseFilter.java
        PreAuthorizeSpringViewProviderAccessDelegate.java
        SecuredNavigator.java
        SpringApplicationContext.java
        SpringSecurityErrorHandler.java
        VaadinHttpRequestResponseService.java
        VaadinPersistentTokenBasedRememberMeServices.java
        signin
        SignInPresenter.java
        SignInPresenterHandlers.java
        SignInViewImpl.java
        signup
        SignUpPresenter.java
        SignUpPresenterHandlers.java
        SignUpViewImpl.java
        user
        UserPresenter.java
        UserPresenterHandlers.java
        UserViewImpl.java

package org.vaadin.spring.sample.security;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import org.vaadin.spring.sample.security.account.JdbcUserDetailsService;
import org.vaadin.spring.sample.security.ui.security.PreAuthorizeSpringViewProviderAccessDelegate;
import org.vaadin.spring.sample.security.ui.security.VaadinPersistentTokenBasedRememberMeServices;
import org.vaadin.spring.security.Security;


@Configuration
@ComponentScan
public class SecurityConfig   {
			
	
	@Autowired
	private ApplicationContext context;
	
	@Autowired
	private Security security;
	
	@Bean
	public PreAuthorizeSpringViewProviderAccessDelegate preAuthorizeSpringViewProviderAccessDelegate() {
		return new PreAuthorizeSpringViewProviderAccessDelegate(security, context);
	}
	
	@Configuration
	@EnableGlobalMethodSecurity(securedEnabled=true, prePostEnabled=true)
	public static class GlobalMethodSecurity extends GlobalMethodSecurityConfiguration {
		
		@Bean
		@Override
		protected AccessDecisionManager accessDecisionManager() {
			return super.accessDecisionManager();
		}
	}
	
	/**
	 * WebMvcSecurity configuration
	 * @author marko
	 *
	 */
	@Configuration
	@EnableWebMvcSecurity	
	public static class WebMvcSecurityConfig extends WebSecurityConfigurerAdapter {
		
		@Autowired
		JdbcUserDetailsService userDetailsService;
		
		@Autowired
		DataSource dataSource;
		
		
		@Bean
		public PasswordEncoder passwordEncoder() {
			return NoOpPasswordEncoder.getInstance();
		}

		@Bean
		public TextEncryptor textEncryptor() {
			return Encryptors.noOpText();
		}
		
		@Bean
		public PersistentTokenRepository jdbcTokenRepository() {
			JdbcTokenRepositoryImpl repository = new JdbcTokenRepositoryImpl();
			repository.setCreateTableOnStartup(false);
			repository.setDataSource(dataSource);			
			return repository;
		}
		
		@Bean
		public RememberMeServices persistentTokenBasedRememberMeServices() {
			VaadinPersistentTokenBasedRememberMeServices services = new VaadinPersistentTokenBasedRememberMeServices(
					"vaadin4spring", 
					userDetailsService, 
					jdbcTokenRepository());
			services.setCookieName("REMEMBERME");
			return services;
		}
		
		/*
		 * (non-Javadoc)
		 * @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.web.builders.WebSecurity)
		 */
		@Override
		public void configure(WebSecurity web) throws Exception {
			//Ignoring static resources
			web.ignoring().antMatchers("/VAADIN/**");
		}
		
		@Override
		protected void configure(AuthenticationManagerBuilder auth)
				throws Exception {
			auth.userDetailsService(userDetailsService);
				
		}
		
		@Bean(name="authenticationManager")
		@Override
		public AuthenticationManager authenticationManagerBean() throws Exception {
			return super.authenticationManagerBean();
		}
		
		
		/*
		 * (non-Javadoc)
		 * @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.web.builders.HttpSecurity)
		 */
		@Override
		protected void configure(HttpSecurity http) throws Exception {
			
			http.exceptionHandling()			
				.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
					.and()
				.authorizeRequests()								
					.antMatchers("/**").permitAll()
					.and()		
				.rememberMe()
					.key("vaadin4spring")
					.rememberMeServices(persistentTokenBasedRememberMeServices())
					.and()				
				.csrf().disable();
		}
		
		
		
		
	}
	

}