
@trmsmy
Forked from yashpatil/SecurityConfig.java
Created March 2, 2018 15:53
Spring Security Java configuration for Pre-authenticated scenario
import org.springframework.boot.context.embedded.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
import javax.servlet.DispatcherType;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
/**
 * Spring Security configuration for a pre-authenticated (container-managed) login.
 *
 * <p>The application does not check credentials itself. A
 * {@link J2eePreAuthenticatedProcessingFilter} takes the principal the servlet
 * container has already established for the request, and the user's details are
 * then loaded by name through {@link #userSecurityService()}. The trust boundary
 * is therefore the container's own authentication configuration.
 *
 * <p>Method-level security is switched on for {@code @Secured},
 * {@code @PreAuthorize}/{@code @PostAuthorize} and the JSR-250 annotations.
 *
 * <p>Created by virgium on 4/16/15 3:28 PM.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Excludes static resources from Spring Security.
     *
     * <p>Requests matching {@code /static/**} bypass the security filter chain
     * completely, so nothing served from that path is access-controlled here.
     *
     * @param web the web security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/static/**");
    }

    /**
     * Installs the pre-authentication filter and declares the URL access rules.
     *
     * <p>Rules are evaluated in declaration order and the first match decides:
     * <ol>
     *   <li>{@code /app/users/**} requires the {@code ADMIN} role;</li>
     *   <li>every other path under {@code /app/**} is open to all callers;</li>
     *   <li>any remaining request must be authenticated.</li>
     * </ol>
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Positioned relative to the chain slot of J2eePreAuthenticatedProcessingFilter.
        http.addFilterAfter(j2eePreAuthenticatedProcessingFilter(), J2eePreAuthenticatedProcessingFilter.class);

        // NOTE(review): the permitAll() rule leaves everything under /app/ except
        // /app/users/** reachable without authentication at the URL layer; access
        // control there presumably relies on method-level annotations. Confirm that
        // every sensitive handler is annotated. The narrower ADMIN rule must stay
        // above the /app/** rule, otherwise it would never be reached.
        http.authorizeRequests()
            .antMatchers("/app/users/**").hasRole("ADMIN")
            .antMatchers("/app/**").permitAll()
            .anyRequest().authenticated()
            .accessDecisionManager(accessDecisionManager());

        // NOTE(review): CSRF protection is switched off. If browsers reach this
        // application with a container-managed session, state-changing requests have
        // no token check here; confirm another CSRF defence exists or that all
        // clients are non-browser.
        http.csrf().disable();
    }

    /**
     * Builds the access decision manager used for the URL rules.
     *
     * <p>{@link AffirmativeBased} grants access as soon as one voter votes in
     * favour. When every voter abstains, access is denied.
     *
     * @return the decision manager backed by a role voter and a web-expression voter
     */
    @Bean
    AffirmativeBased accessDecisionManager() {
        List<AccessDecisionVoter> decisionVoters = new ArrayList<>(2);
        decisionVoters.add(new RoleVoter());
        decisionVoters.add(new WebExpressionVoter());

        AffirmativeBased manager = new AffirmativeBased(decisionVoters);
        // Fail closed: no vote in favour means no access.
        manager.setAllowIfAllAbstainDecisions(false);
        return manager;
    }

    /**
     * Creates the filter that picks up the container-authenticated principal.
     *
     * <p>With {@code continueFilterChainOnUnsuccessfulAuthentication} set to
     * {@code false}, an authentication failure is propagated instead of letting
     * the request continue unauthenticated.
     *
     * @return the configured pre-authentication filter
     * @throws Exception if the authentication manager cannot be built
     */
    @Bean
    J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter() throws Exception {
        J2eePreAuthenticatedProcessingFilter preAuthFilter = new J2eePreAuthenticatedProcessingFilter();
        preAuthFilter.setAuthenticationManager(authenticationManager());
        preAuthFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
        return preAuthFilter;
    }

    /**
     * Restricts the servlet-container mapping of the pre-authentication filter.
     *
     * <p>The mapping is overridden so the filter runs only for {@code /app/*},
     * for every dispatcher type, which reduces the number of user lookups.
     *
     * @return the registration that narrows the filter's URL mapping
     * @throws Exception if the filter cannot be built
     */
    @Bean
    FilterRegistrationBean j2eePreAuthFilterBean() throws Exception {
        // NOTE(review): this registers the filter with the container in addition to
        // its place in the security chain (presumably the same bean instance, given
        // standard @Configuration semantics). Confirm the double registration is
        // intended.
        FilterRegistrationBean preAuthRegistration = new FilterRegistrationBean();
        preAuthRegistration.setFilter(j2eePreAuthenticatedProcessingFilter());
        preAuthRegistration.addUrlPatterns("/app/*");
        preAuthRegistration.setDispatcherTypes(EnumSet.allOf(DispatcherType.class));
        return preAuthRegistration;
    }

    /**
     * Exposes an authentication manager that knows only the pre-auth provider.
     *
     * @return a {@link ProviderManager} with a single provider
     * @throws Exception if the provider cannot be built
     */
    @Override
    @Bean
    protected AuthenticationManager authenticationManager() throws Exception {
        final List<AuthenticationProvider> authProviders = new ArrayList<>(1);
        authProviders.add(preauthAuthProvider());
        return new ProviderManager(authProviders);
    }

    /**
     * Creates the provider that turns a pre-authenticated token into a full
     * authentication by loading the user's details.
     *
     * @return the configured pre-authentication provider
     * @throws Exception if the user-details wrapper cannot be built
     */
    @Bean
    PreAuthenticatedAuthenticationProvider preauthAuthProvider() throws Exception {
        PreAuthenticatedAuthenticationProvider preAuthProvider = new PreAuthenticatedAuthenticationProvider();
        preAuthProvider.setPreAuthenticatedUserDetailsService(userDetailsServiceWrapper());
        return preAuthProvider;
    }

    /**
     * Adapts the name-based {@link UserDetailsService} to the token-based lookup
     * the pre-authentication provider expects.
     *
     * @return the wrapper around {@link #userSecurityService()}
     * @throws Exception declared for symmetry with the other bean methods
     */
    @Bean
    UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> userDetailsServiceWrapper() throws Exception {
        UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> byNameWrapper =
                new UserDetailsByNameServiceWrapper<>();
        byNameWrapper.setUserDetailsService(userSecurityService());
        return byNameWrapper;
    }

    /**
     * Supplies the application's user lookup.
     *
     * <p>NOTE(review): {@code UserDetailsServiceImpl} is defined elsewhere;
     * presumably it is the source of the roles checked by the URL rules. Verify
     * how it treats a container principal that has no matching application user.
     *
     * @return the user details service
     */
    @Bean
    UserDetailsService userSecurityService() {
        return new UserDetailsServiceImpl();
    }
}