geesen/SecurityConfiguration

## SecurityConfiguration
package de.indivon.example.config;

import java.util.ArrayList;
import java.util.Collection;

import javax.inject.Inject;

import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.search.LdapUserSearch;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.csrf.CsrfFilter;

import de.indivon.example.config.properties.LdapProperties;
import de.indivon.example.security.AjaxAuthenticationFailureHandler;
import de.indivon.example.security.AjaxAuthenticationSuccessHandler;
import de.indivon.example.security.AjaxLogoutSuccessHandler;
import de.indivon.example.security.AuthoritiesConstants;
import de.indivon.example.security.CustomLdapUserDetailsService;
import de.indivon.example.security.Http401UnauthorizedEntryPoint;
import de.indivon.example.web.filter.CsrfCookieGeneratorFilter;

@Configuration
@EnableConfigurationProperties
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@AutoConfigureBefore(org.activiti.spring.boot.SecurityAutoConfiguration.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

	@Inject
	private Environment env;

	@Inject
	private AjaxAuthenticationSuccessHandler ajaxAuthenticationSuccessHandler;

	@Inject
	private AjaxAuthenticationFailureHandler ajaxAuthenticationFailureHandler;

	@Inject
	private AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;

	@Inject
	private Http401UnauthorizedEntryPoint authenticationEntryPoint;

	@Inject
	private RememberMeServices rememberMeServices;

	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}

	@Bean
	public CustomLdapUserDetailsService customLdapUserDetailsService() {
		CustomLdapUserDetailsService uds = new CustomLdapUserDetailsService(ldapUserSearch(), ldapAuthoritiesPopulator());
		uds.setUserDetailsMapper(userDetailsContextMapper());
		return uds;
	}

	@Bean
	public UserDetailsService userDetailsService() {
		return customLdapUserDetailsService();
	}

	@Bean
	public UserDetailsContextMapper userDetailsContextMapper() {
		return new UserDetailsContextMapper() {

			@Override
			public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
			}

			@Override
			public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
				Collection<GrantedAuthority> grantedAuthorities = new ArrayList<>();
				grantedAuthorities.addAll(authorities);
				GrantedAuthority grantedAuthority = new SimpleGrantedAuthority(AuthoritiesConstants.USER);
				grantedAuthorities.add(grantedAuthority);
				return new org.springframework.security.core.userdetails.User(username, "1", grantedAuthorities);
			}
		};

	}

	@Bean
	public LdapAuthoritiesPopulator ldapAuthoritiesPopulator() {
		DefaultLdapAuthoritiesPopulator authoritiesPopulator = new DefaultLdapAuthoritiesPopulator(contextSource(), ldapProperties().getGroupSearchBase());
		authoritiesPopulator.setGroupRoleAttribute(ldapProperties().getGroupRoleAttribute());
		authoritiesPopulator.setGroupSearchFilter(ldapProperties().getGroupSearchFilter());
		return authoritiesPopulator;
	}

	@Bean
	public LdapUserSearch ldapUserSearch() {
		String searchBase = ldapProperties().getUserSearchBase();
		String searchFilter = ldapProperties().getUserSearchFilter();
		BaseLdapPathContextSource contextSource = contextSource();
		return new FilterBasedLdapUserSearch(searchBase, searchFilter, contextSource);
	}

	@Inject
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		auth.ldapAuthentication()
			.userDetailsContextMapper(userDetailsContextMapper())
			.ldapAuthoritiesPopulator(ldapAuthoritiesPopulator())
			.userSearchBase(ldapProperties().getUserSearchBase())
			.userSearchFilter(ldapProperties().getUserSearchFilter())
			.contextSource(contextSource());
	}

	@Override
	public void configure(WebSecurity web) throws Exception {
		web.ignoring()
			.antMatchers("/scripts/**/*.{js,html}")
			.antMatchers("/bower_components/**")
			.antMatchers("/i18n/**")
			.antMatchers("/assets/**")
			.antMatchers("/swagger-ui/**")
			.antMatchers("/test/**");
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf().ignoringAntMatchers("/websocket/**").and()
		.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class).exceptionHandling()
		.authenticationEntryPoint(authenticationEntryPoint).and()
		.rememberMe()
			.rememberMeServices(rememberMeServices)
			.rememberMeParameter("remember-me")
			.key(env.getProperty("jhipster.security.rememberme.key")).and()
		.formLogin()
			.loginPage("/login")
			.loginProcessingUrl("/api/authentication")
			.successHandler(ajaxAuthenticationSuccessHandler)
			.failureHandler(ajaxAuthenticationFailureHandler)
			.usernameParameter("j_username")
			.passwordParameter("j_password").permitAll().and()
		.logout()
			.logoutUrl("/api/logout")
			.logoutSuccessHandler(ajaxLogoutSuccessHandler)
			.logoutSuccessUrl("/login")
			.deleteCookies("JSESSIONID").permitAll().and()
		.headers()
			.frameOptions().disable().and()
		.authorizeRequests()
			.antMatchers("/api/register").permitAll()
			.antMatchers("/api/activate").permitAll()
			.antMatchers("/api/authenticate").permitAll()
			.antMatchers("/api/account/reset_password/init").permitAll()
			.antMatchers("/api/account/reset_password/finish").permitAll()
			.antMatchers("/api/logs/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/api/**").authenticated()
			.antMatchers("/websocket/tracker").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/websocket/**").permitAll()
			.antMatchers("/metrics/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/health/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/dump/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/shutdown/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/beans/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/configprops/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/info/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/autoconfig/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/env/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/api-docs/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/activiti/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/protected/**").authenticated()
			.antMatchers("/index.html").permitAll();

	}

	@Bean
	public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
		return new SecurityEvaluationContextExtension();
	}

	@Bean
	public LdapTemplate ldapTemplate() {
		return new LdapTemplate(contextSource());
	}

	@Bean LdapProperties ldapProperties(){
		return new LdapProperties();
	}

	@Bean
	public LdapContextSource contextSource() {
		LdapContextSource contextSource = new LdapContextSource();
		contextSource.setUrl(ldapProperties().getUrl());
		contextSource.setBase(ldapProperties().getBase());
		contextSource.setUserDn(ldapProperties().getUserDn());
		contextSource.setPassword(ldapProperties().getPassword());
		return contextSource;
	}
}
	package de.indivon.example.config;

	import java.util.ArrayList;
	import java.util.Collection;

	import javax.inject.Inject;

	import org.springframework.boot.autoconfigure.AutoConfigureBefore;
	import org.springframework.boot.context.properties.EnableConfigurationProperties;
	import org.springframework.context.annotation.Bean;
	import org.springframework.context.annotation.Configuration;
	import org.springframework.core.env.Environment;
	import org.springframework.ldap.core.DirContextAdapter;
	import org.springframework.ldap.core.DirContextOperations;
	import org.springframework.ldap.core.LdapTemplate;
	import org.springframework.ldap.core.support.BaseLdapPathContextSource;
	import org.springframework.ldap.core.support.LdapContextSource;
	import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
	import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
	import org.springframework.security.config.annotation.web.builders.HttpSecurity;
	import org.springframework.security.config.annotation.web.builders.WebSecurity;
	import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
	import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
	import org.springframework.security.core.GrantedAuthority;
	import org.springframework.security.core.authority.SimpleGrantedAuthority;
	import org.springframework.security.core.userdetails.UserDetails;
	import org.springframework.security.core.userdetails.UserDetailsService;
	import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
	import org.springframework.security.crypto.password.PasswordEncoder;
	import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
	import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
	import org.springframework.security.ldap.search.LdapUserSearch;
	import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
	import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
	import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
	import org.springframework.security.web.authentication.RememberMeServices;
	import org.springframework.security.web.csrf.CsrfFilter;

	import de.indivon.example.config.properties.LdapProperties;
	import de.indivon.example.security.AjaxAuthenticationFailureHandler;
	import de.indivon.example.security.AjaxAuthenticationSuccessHandler;
	import de.indivon.example.security.AjaxLogoutSuccessHandler;
	import de.indivon.example.security.AuthoritiesConstants;
	import de.indivon.example.security.CustomLdapUserDetailsService;
	import de.indivon.example.security.Http401UnauthorizedEntryPoint;
	import de.indivon.example.web.filter.CsrfCookieGeneratorFilter;

	@Configuration
	@EnableConfigurationProperties
	@EnableWebSecurity
	@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
	@AutoConfigureBefore(org.activiti.spring.boot.SecurityAutoConfiguration.class)
	public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

	@Inject
	private Environment env;

	@Inject
	private AjaxAuthenticationSuccessHandler ajaxAuthenticationSuccessHandler;

	@Inject
	private AjaxAuthenticationFailureHandler ajaxAuthenticationFailureHandler;

	@Inject
	private AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;

	@Inject
	private Http401UnauthorizedEntryPoint authenticationEntryPoint;

	@Inject
	private RememberMeServices rememberMeServices;

	@Bean
	public PasswordEncoder passwordEncoder() {
	return new BCryptPasswordEncoder();
	}

	@Bean
	public CustomLdapUserDetailsService customLdapUserDetailsService() {
	CustomLdapUserDetailsService uds = new CustomLdapUserDetailsService(ldapUserSearch(), ldapAuthoritiesPopulator());
	uds.setUserDetailsMapper(userDetailsContextMapper());
	return uds;
	}

	@Bean
	public UserDetailsService userDetailsService() {
	return customLdapUserDetailsService();
	}

	@Bean
	public UserDetailsContextMapper userDetailsContextMapper() {
	return new UserDetailsContextMapper() {

	@Override
	public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
	}

	@Override
	public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
	Collection<GrantedAuthority> grantedAuthorities = new ArrayList<>();
	grantedAuthorities.addAll(authorities);
	GrantedAuthority grantedAuthority = new SimpleGrantedAuthority(AuthoritiesConstants.USER);
	grantedAuthorities.add(grantedAuthority);
	return new org.springframework.security.core.userdetails.User(username, "1", grantedAuthorities);
	}
	};

	}

	@Bean
	public LdapAuthoritiesPopulator ldapAuthoritiesPopulator() {
	DefaultLdapAuthoritiesPopulator authoritiesPopulator = new DefaultLdapAuthoritiesPopulator(contextSource(), ldapProperties().getGroupSearchBase());
	authoritiesPopulator.setGroupRoleAttribute(ldapProperties().getGroupRoleAttribute());
	authoritiesPopulator.setGroupSearchFilter(ldapProperties().getGroupSearchFilter());
	return authoritiesPopulator;
	}

	@Bean
	public LdapUserSearch ldapUserSearch() {
	String searchBase = ldapProperties().getUserSearchBase();
	String searchFilter = ldapProperties().getUserSearchFilter();
	BaseLdapPathContextSource contextSource = contextSource();
	return new FilterBasedLdapUserSearch(searchBase, searchFilter, contextSource);
	}

	@Inject
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
	auth.ldapAuthentication()
	.userDetailsContextMapper(userDetailsContextMapper())
	.ldapAuthoritiesPopulator(ldapAuthoritiesPopulator())
	.userSearchBase(ldapProperties().getUserSearchBase())
	.userSearchFilter(ldapProperties().getUserSearchFilter())
	.contextSource(contextSource());
	}

	@Override
	public void configure(WebSecurity web) throws Exception {
	web.ignoring()
	.antMatchers("/scripts/*/.{js,html}")
	.antMatchers("/bower_components/**")
	.antMatchers("/i18n/**")
	.antMatchers("/assets/**")
	.antMatchers("/swagger-ui/**")
	.antMatchers("/test/**");
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
	http.csrf().ignoringAntMatchers("/websocket/**").and()
	.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class).exceptionHandling()
	.authenticationEntryPoint(authenticationEntryPoint).and()
	.rememberMe()
	.rememberMeServices(rememberMeServices)
	.rememberMeParameter("remember-me")
	.key(env.getProperty("jhipster.security.rememberme.key")).and()
	.formLogin()
	.loginPage("/login")
	.loginProcessingUrl("/api/authentication")
	.successHandler(ajaxAuthenticationSuccessHandler)
	.failureHandler(ajaxAuthenticationFailureHandler)
	.usernameParameter("j_username")
	.passwordParameter("j_password").permitAll().and()
	.logout()
	.logoutUrl("/api/logout")
	.logoutSuccessHandler(ajaxLogoutSuccessHandler)
	.logoutSuccessUrl("/login")
	.deleteCookies("JSESSIONID").permitAll().and()
	.headers()
	.frameOptions().disable().and()
	.authorizeRequests()
	.antMatchers("/api/register").permitAll()
	.antMatchers("/api/activate").permitAll()
	.antMatchers("/api/authenticate").permitAll()
	.antMatchers("/api/account/reset_password/init").permitAll()
	.antMatchers("/api/account/reset_password/finish").permitAll()
	.antMatchers("/api/logs/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/api/**").authenticated()
	.antMatchers("/websocket/tracker").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/websocket/**").permitAll()
	.antMatchers("/metrics/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/health/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/dump/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/shutdown/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/beans/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/configprops/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/info/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/autoconfig/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/env/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/api-docs/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/activiti/**").hasAuthority(AuthoritiesConstants.ADMIN)
	.antMatchers("/protected/**").authenticated()
	.antMatchers("/index.html").permitAll();

	}

	@Bean
	public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
	return new SecurityEvaluationContextExtension();
	}

	@Bean
	public LdapTemplate ldapTemplate() {
	return new LdapTemplate(contextSource());
	}

	@Bean LdapProperties ldapProperties(){
	return new LdapProperties();
	}

	@Bean
	public LdapContextSource contextSource() {
	LdapContextSource contextSource = new LdapContextSource();
	contextSource.setUrl(ldapProperties().getUrl());
	contextSource.setBase(ldapProperties().getBase());
	contextSource.setUserDn(ldapProperties().getUserDn());
	contextSource.setPassword(ldapProperties().getPassword());
	return contextSource;
	}
	}