added simultaneous token-based and http basic authentication
This commit is contained in:
Main
@@ -7,7 +7,6 @@ dependencies {
|
||||
|
||||
compile "org.springframework.boot:spring-boot-starter-web:$springBootVersion"
|
||||
compile "org.springframework.boot:spring-boot-starter-security:$springBootVersion"
|
||||
compile "org.springframework.boot:spring-boot-starter-data-mongodb:$springBootVersion"
|
||||
|
||||
testCompile "junit:junit:4.11"
|
||||
}
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
package net.chrisrichardson.eventstore.javaexamples.banking.commonauth;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.data.mongodb.repository.config.EnableMongoRepositories;
|
||||
|
||||
/**
|
||||
* Created by Main on 04.02.2016.
|
||||
*/
|
||||
@Configuration
|
||||
@EnableMongoRepositories
|
||||
@ComponentScan
|
||||
public class CustomerAuthConfiguration {
|
||||
|
||||
@Bean
|
||||
public CustomerAuthService customerAuthService(CustomerAuthRepository customerAuthRepository) {
|
||||
return new CustomerAuthService(customerAuthRepository);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -8,7 +8,6 @@ import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.model.Auth
|
||||
import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.model.ErrorResponse;
|
||||
import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.model.User;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.dao.EmptyResultDataAccessException;
|
||||
import org.springframework.dao.IncorrectResultSizeDataAccessException;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
@@ -49,6 +48,6 @@ public class AuthController {
|
||||
@ResponseStatus(value = HttpStatus.NOT_FOUND)
|
||||
@ExceptionHandler(IncorrectResultSizeDataAccessException.class)
|
||||
public ErrorResponse customersNotFound() {
|
||||
return new ErrorResponse("customers not found");
|
||||
return new ErrorResponse("Customer not found");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,7 +1,10 @@
|
||||
apply plugin: 'java'
|
||||
|
||||
dependencies {
|
||||
compile project(":common-customers")
|
||||
|
||||
compile "org.springframework.boot:spring-boot-starter-web:$springBootVersion"
|
||||
compile "org.springframework.boot:spring-boot-starter-data-mongodb:$springBootVersion"
|
||||
|
||||
compile "org.springframework.security:spring-security-config:4.0.2.RELEASE"
|
||||
compile "org.springframework.security:spring-security-web:4.0.2.RELEASE"
|
||||
|
||||
@@ -1,20 +1,26 @@
|
||||
package net.chrisrichardson.eventstore.javaexamples.banking.commonauth;
|
||||
|
||||
import net.chrisrichardson.eventstore.javaexamples.banking.common.customers.QuerySideCustomer;
|
||||
import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.filter.StatelessAuthenticationFilter;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.data.mongodb.repository.config.EnableMongoRepositories;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.token.KeyBasedPersistenceTokenService;
|
||||
import org.springframework.security.core.token.TokenService;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||
|
||||
import java.security.SecureRandom;
|
||||
|
||||
@@ -24,6 +30,7 @@ import java.security.SecureRandom;
|
||||
@Configuration
|
||||
@ComponentScan
|
||||
@EnableWebSecurity
|
||||
@EnableMongoRepositories
|
||||
@EnableConfigurationProperties({AuthProperties.class})
|
||||
public class AuthConfiguration extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@@ -33,25 +40,48 @@ public class AuthConfiguration extends WebSecurityConfigurerAdapter {
|
||||
@Autowired
|
||||
private TokenAuthenticationService tokenAuthenticationService;
|
||||
|
||||
@Autowired
|
||||
CustomerAuthService customerAuthService;
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
//auth.inMemoryAuthentication();
|
||||
auth.userDetailsService(userDetailsServiceBean());
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserDetailsService userDetailsServiceBean() {
|
||||
return email -> {
|
||||
QuerySideCustomer customer = customerAuthService.findByEmail(email);
|
||||
if (customer != null) {
|
||||
return new User(email, "", true, true, true, true,
|
||||
AuthorityUtils.createAuthorityList("USER"));
|
||||
} else {
|
||||
throw new UsernameNotFoundException(String.format("could not find the customer '%s'", email));
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@Bean
|
||||
public CustomerAuthService customerAuthService(CustomerAuthRepository customerAuthRepository) {
|
||||
return new CustomerAuthService(customerAuthRepository);
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Override
|
||||
public AuthenticationManager authenticationManagerBean() throws Exception {
|
||||
return super.authenticationManagerBean();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.inMemoryAuthentication();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.csrf().disable()
|
||||
.httpBasic().and()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/index.html", "/", "/**.js", "/**.css").permitAll()
|
||||
.antMatchers(HttpMethod.POST, "/customers", "/login").permitAll()
|
||||
.anyRequest().authenticated().and()
|
||||
.addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class);
|
||||
.addFilterAfter(new StatelessAuthenticationFilter(tokenAuthenticationService), BasicAuthenticationFilter.class);
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
||||
@@ -23,10 +23,11 @@ public class StatelessAuthenticationFilter extends GenericFilterBean {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
|
||||
ServletException {
|
||||
SecurityContextHolder.getContext().setAuthentication(
|
||||
tokenAuthenticationService.getAuthentication((HttpServletRequest) req));
|
||||
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
|
||||
if (!SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
|
||||
SecurityContextHolder.getContext().setAuthentication(
|
||||
tokenAuthenticationService.getAuthentication((HttpServletRequest) req));
|
||||
}
|
||||
chain.doFilter(req, res);
|
||||
}
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
package net.chrisrichardson.eventstore.javaexamples.banking.web;
|
||||
|
||||
import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.CustomerAuthConfiguration;
|
||||
import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.AuthConfiguration;
|
||||
import net.chrisrichardson.eventstore.javaexamples.banking.web.commandside.accounts.CommandSideWebAccountsConfiguration;
|
||||
import net.chrisrichardson.eventstore.javaexamples.banking.web.commandside.customers.CustomersCommandSideWebConfiguration;
|
||||
import net.chrisrichardson.eventstore.javaexamples.banking.web.commandside.transactions.CommandSideWebTransactionsConfiguration;
|
||||
@@ -19,7 +19,7 @@ import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
|
||||
|
||||
@Configuration
|
||||
@Import({CommandSideWebAccountsConfiguration.class, CommandSideWebTransactionsConfiguration.class, JdbcEventStoreConfiguration.class, QuerySideWebConfiguration.class, CustomersQuerySideWebConfiguration.class, CustomersCommandSideWebConfiguration.class, CustomerAuthConfiguration.class})
|
||||
@Import({CommandSideWebAccountsConfiguration.class, CommandSideWebTransactionsConfiguration.class, JdbcEventStoreConfiguration.class, QuerySideWebConfiguration.class, CustomersQuerySideWebConfiguration.class, CustomersCommandSideWebConfiguration.class, AuthConfiguration.class})
|
||||
@EnableAutoConfiguration
|
||||
@ComponentScan
|
||||
public class BankingWebConfiguration extends WebMvcConfigurerAdapter {
|
||||
|
||||
Reference in New Issue
Block a user