trmsmy/SecurityConfig.java

## SecurityConfig.java
import org.springframework.boot.context.embedded.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;

import javax.servlet.DispatcherType;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;

/**
 * Created by virgium on 4/16/15 3:28 PM.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
                .ignoring()
                .antMatchers("/static/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .addFilterAfter(j2eePreAuthenticatedProcessingFilter(), J2eePreAuthenticatedProcessingFilter.class)
                .authorizeRequests()
                .antMatchers("/app/users/**").hasRole("ADMIN")
                .antMatchers("/app/**").permitAll()
                .anyRequest().authenticated()
                .accessDecisionManager(accessDecisionManager())
                .and()
                .csrf()
                .disable();
    }

    @Bean
    AffirmativeBased accessDecisionManager() {
        List<AccessDecisionVoter> voters = new ArrayList<>(2);
        voters.add(new RoleVoter());
        voters.add(new WebExpressionVoter());
        AffirmativeBased decisionManager = new AffirmativeBased(voters);
        decisionManager.setAllowIfAllAbstainDecisions(false);
        return decisionManager;
    }

    @Bean
    J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter() throws Exception {
        J2eePreAuthenticatedProcessingFilter filter = new J2eePreAuthenticatedProcessingFilter();
        filter.setAuthenticationManager(authenticationManager());
        filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
        return filter;
    }

    @Bean
    FilterRegistrationBean j2eePreAuthFilterBean() throws Exception {
        // we need to override the mapping of the preauth filter to reduce the number of user lookups
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(j2eePreAuthenticatedProcessingFilter());
        registration.setDispatcherTypes(EnumSet.allOf(DispatcherType.class));
        registration.addUrlPatterns("/app/*");
        return registration;
    }

    @Override
    @Bean
    protected AuthenticationManager authenticationManager() throws Exception {
        final List<AuthenticationProvider> providers = new ArrayList<>(1);
        providers.add(preauthAuthProvider());
        return new ProviderManager(providers);
    }

    @Bean
    PreAuthenticatedAuthenticationProvider preauthAuthProvider() throws Exception {
        PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
        provider.setPreAuthenticatedUserDetailsService(userDetailsServiceWrapper());
        return provider;
    }

    @Bean
    UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> userDetailsServiceWrapper() throws Exception {
        UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> wrapper = new UserDetailsByNameServiceWrapper<>();
        wrapper.setUserDetailsService(userSecurityService());
        return wrapper;
    }

    @Bean
    UserDetailsService userSecurityService() {
        return new UserDetailsServiceImpl();
    }
}
	import org.springframework.boot.context.embedded.FilterRegistrationBean;
	import org.springframework.context.annotation.Bean;
	import org.springframework.context.annotation.Configuration;
	import org.springframework.security.access.AccessDecisionVoter;
	import org.springframework.security.access.vote.AffirmativeBased;
	import org.springframework.security.access.vote.RoleVoter;
	import org.springframework.security.authentication.AuthenticationManager;
	import org.springframework.security.authentication.AuthenticationProvider;
	import org.springframework.security.authentication.ProviderManager;
	import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
	import org.springframework.security.config.annotation.web.builders.HttpSecurity;
	import org.springframework.security.config.annotation.web.builders.WebSecurity;
	import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
	import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
	import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
	import org.springframework.security.core.userdetails.UserDetailsService;
	import org.springframework.security.web.access.expression.WebExpressionVoter;
	import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
	import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
	import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;

	import javax.servlet.DispatcherType;
	import java.util.ArrayList;
	import java.util.EnumSet;
	import java.util.List;

	/**
	* Created by virgium on 4/16/15 3:28 PM.
	*/
	@Configuration
	@EnableWebSecurity
	@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)
	class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Override
	public void configure(WebSecurity web) throws Exception {
	web
	.ignoring()
	.antMatchers("/static/**");
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
	http
	.addFilterAfter(j2eePreAuthenticatedProcessingFilter(), J2eePreAuthenticatedProcessingFilter.class)
	.authorizeRequests()
	.antMatchers("/app/users/**").hasRole("ADMIN")
	.antMatchers("/app/**").permitAll()
	.anyRequest().authenticated()
	.accessDecisionManager(accessDecisionManager())
	.and()
	.csrf()
	.disable();
	}

	@Bean
	AffirmativeBased accessDecisionManager() {
	List<AccessDecisionVoter> voters = new ArrayList<>(2);
	voters.add(new RoleVoter());
	voters.add(new WebExpressionVoter());
	AffirmativeBased decisionManager = new AffirmativeBased(voters);
	decisionManager.setAllowIfAllAbstainDecisions(false);
	return decisionManager;
	}

	@Bean
	J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter() throws Exception {
	J2eePreAuthenticatedProcessingFilter filter = new J2eePreAuthenticatedProcessingFilter();
	filter.setAuthenticationManager(authenticationManager());
	filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
	return filter;
	}

	@Bean
	FilterRegistrationBean j2eePreAuthFilterBean() throws Exception {
	// we need to override the mapping of the preauth filter to reduce the number of user lookups
	FilterRegistrationBean registration = new FilterRegistrationBean();
	registration.setFilter(j2eePreAuthenticatedProcessingFilter());
	registration.setDispatcherTypes(EnumSet.allOf(DispatcherType.class));
	registration.addUrlPatterns("/app/*");
	return registration;
	}

	@Override
	@Bean
	protected AuthenticationManager authenticationManager() throws Exception {
	final List<AuthenticationProvider> providers = new ArrayList<>(1);
	providers.add(preauthAuthProvider());
	return new ProviderManager(providers);
	}

	@Bean
	PreAuthenticatedAuthenticationProvider preauthAuthProvider() throws Exception {
	PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
	provider.setPreAuthenticatedUserDetailsService(userDetailsServiceWrapper());
	return provider;
	}

	@Bean
	UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> userDetailsServiceWrapper() throws Exception {
	UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> wrapper = new UserDetailsByNameServiceWrapper<>();
	wrapper.setUserDetailsService(userSecurityService());
	return wrapper;
	}

	@Bean
	UserDetailsService userSecurityService() {
	return new UserDetailsServiceImpl();
	}
	}