package com.onegini.oidc.security;
import static com.onegini.oidc.IndexController.PAGE_INDEX;
import static com.onegini.oidc.JweWellKnownJwksController.JWKS_KEYS_PATH;
import static com.onegini.oidc.LogoutController.PAGE_LOGOUT;
import static com.onegini.oidc.LogoutController.PAGE_LOCAL_LOGOUT;
import static com.onegini.oidc.LogoutController.PAGE_SIGNOUT_CALLBACK_OIDC;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
/**
 * Web security configuration: exposes the login entry point and the OAuth2 / OpenID Connect
 * filters as beans, and wires them into the Spring Security filter chain.
 *
 * <p>NOTE(review): {@link WebSecurityConfigurerAdapter} is deprecated since Spring Security 5.7
 * and removed in 6.0, so this class only compiles against older releases.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** Path given to both the authentication entry point and the OpenID Connect filter. */
    private static final String LOGIN_URL = "/login";

    /** Static asset patterns, used by both {@code configure} overloads. */
    private static final String[] STATIC_RESOURCE_PATTERNS = {"/static/**", "/favicon.ico"};

    /**
     * Entry point used when an unauthenticated request hits a protected path.
     *
     * @return an entry point that sends the caller to {@code LOGIN_URL}
     */
    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        return new LoginUrlAuthenticationEntryPoint(LOGIN_URL);
    }

    /**
     * Filter that performs the OpenID Connect authentication, constructed with {@code LOGIN_URL}.
     *
     * <p>NOTE(review): if this application runs under Spring Boot, a servlet {@code Filter}
     * exposed as a bean is also registered with the servlet container by default, in addition
     * to the security chain below. Confirm that this is intended.
     *
     * @return the OpenID Connect authentication filter
     */
    @Bean
    public OpenIdConnectAuthenticationFilter openIdConnectAuthenticationFilter() {
        return new OpenIdConnectAuthenticationFilter(LOGIN_URL);
    }

    /**
     * Filter that maintains the OAuth2 client context for the request.
     *
     * @return a new {@link OAuth2ClientContextFilter}
     */
    @Bean
    public OAuth2ClientContextFilter oAuth2ClientContextFilter() {
        return new OAuth2ClientContextFilter();
    }

    /**
     * Excludes static assets from Spring Security altogether.
     *
     * <p>Requests matching these patterns skip the whole security filter chain, so the header
     * settings from {@link #configure(HttpSecurity)} do not apply to them. The same patterns are
     * also listed under {@code permitAll()} there; keep the two lists in step if either changes.
     *
     * @param web the web security builder to configure
     */
    @Override
    public void configure(final WebSecurity web) {
        web.ignoring().antMatchers(STATIC_RESOURCE_PATTERNS);
    }

    /**
     * Builds the HTTP security chain: filter order, entry point, access rules, frame options
     * and logout handling.
     *
     * <p>CSRF protection is not configured here, so the framework default stays in effect.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        // Order matters: the client context filter must be registered before the
        // OpenID Connect filter, which is positioned relative to it.
        http.addFilterAfter(oAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class);
        http.addFilterAfter(openIdConnectAuthenticationFilter(), OAuth2ClientContextFilter.class);

        // Unauthenticated access to a protected path is handed to the login entry point.
        http.exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint());

        // Public pages and the JWKS endpoint are open; every other request needs authentication.
        http.authorizeRequests()
            .antMatchers(PAGE_INDEX, PAGE_LOGOUT, PAGE_LOCAL_LOGOUT, PAGE_SIGNOUT_CALLBACK_OIDC, JWKS_KEYS_PATH).permitAll()
            .antMatchers(STATIC_RESOURCE_PATTERNS).permitAll()
            .anyRequest().authenticated();

        // X-Frame-Options: SAMEORIGIN, so only same-origin pages may frame the application.
        http.headers()
            .frameOptions().sameOrigin();

        // NOTE(review): PAGE_LOGOUT is also a permitAll page defined in LogoutController.
        // With CSRF protection enabled, the logout filter only matches POST on this URL,
        // so GET requests presumably reach the controller. Confirm against LogoutController.
        http.logout()
            .logoutUrl(PAGE_LOGOUT)
            .logoutSuccessUrl(PAGE_INDEX);
    }
}