feat: improved SecurityConfiguration
This commit is contained in:
parent
bdcff2461c
commit
a957bc6266
1 changed files with 26 additions and 37 deletions
|
@ -1,7 +1,9 @@
|
|||
package com.application.munera;
|
||||
|
||||
import com.application.munera.repositories.UserRepository;
|
||||
import com.application.munera.views.login.LoginView;
|
||||
import com.vaadin.flow.spring.security.VaadinWebSecurity;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
|
@ -9,64 +11,51 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
|||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.provisioning.UserDetailsManager;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
|
||||
@EnableWebSecurity
|
||||
@Configuration
|
||||
public class SecurityConfiguration
|
||||
extends VaadinWebSecurity {
|
||||
public class SecurityConfiguration extends VaadinWebSecurity {
|
||||
|
||||
@Autowired
|
||||
private UserRepository userRepository;
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
// Delegating the responsibility of general configurations
|
||||
// of http security to the super class. It's configuring
|
||||
// the followings: Vaadin's CSRF protection by ignoring
|
||||
// framework's internal requests, default request cache,
|
||||
// ignoring public views annotated with @AnonymousAllowed,
|
||||
// restricting access to other views/endpoints, and enabling
|
||||
// NavigationAccessControl authorization.
|
||||
// You can add any possible extra configurations of your own
|
||||
// here (the following is just an example):
|
||||
|
||||
// http.rememberMe().alwaysRemember(false);
|
||||
|
||||
// Configure your static resources with public access before calling
|
||||
// super.configure(HttpSecurity) as it adds final anyRequest matcher
|
||||
http.authorizeHttpRequests(auth -> auth.requestMatchers(new AntPathRequestMatcher("/public/**"))
|
||||
.permitAll());
|
||||
|
||||
super.configure(http);
|
||||
|
||||
// This is important to register your login view to the
|
||||
// navigation access control mechanism:
|
||||
setLoginView(http, LoginView.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configure(WebSecurity web) throws Exception {
|
||||
// Customize your WebSecurity configuration.
|
||||
super.configure(web);
|
||||
}
|
||||
|
||||
/**
|
||||
* Demo UserDetailsManager which only provides two hardcoded
|
||||
* in memory users and their roles.
|
||||
* NOTE: This shouldn't be used in real world applications.
|
||||
*/
|
||||
@Bean
|
||||
public UserDetailsManager userDetailsService() {
|
||||
UserDetails user =
|
||||
User.withUsername("user")
|
||||
.password("{noop}user")
|
||||
.roles("USER")
|
||||
public UserDetailsManager userDetailsManager() {
|
||||
return new InMemoryUserDetailsManager() {
|
||||
@Override
|
||||
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
|
||||
com.application.munera.data.User user = userRepository.findByUsername(username);
|
||||
if (user == null) {
|
||||
throw new UsernameNotFoundException("User not found");
|
||||
}
|
||||
return User.withUsername(user.getUsername())
|
||||
.password(user.getPassword())
|
||||
.roles(user.getRoles().split(","))
|
||||
.build();
|
||||
UserDetails admin =
|
||||
User.withUsername("admin")
|
||||
.password("{noop}admin")
|
||||
.roles("ADMIN")
|
||||
.build();
|
||||
return new InMemoryUserDetailsManager(user, admin);
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@Bean
|
||||
public static NoOpPasswordEncoder passwordEncoder() {
|
||||
return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue