| | |
|---|
| | | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; |
|---|
| | | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; |
|---|
| | | import org.springframework.security.config.http.SessionCreationPolicy; |
|---|
| | | import org.springframework.security.web.access.channel.ChannelProcessingFilter; |
|---|
| | | import org.springframework.security.web.authentication.AuthenticationFailureHandler; |
|---|
| | | import org.springframework.security.web.authentication.AuthenticationSuccessHandler; |
|---|
| | | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
|---|
| | |
|---|
| | | @EnableWebSecurity |
|---|
| | | public class WebSecurityConfig extends WebSecurityConfigurerAdapter { |
|---|
| | | public static final String AUTHENTICATION_HEADER_NAME = "X-Authorization"; |
|---|
| | | public static final String AUTHENTICATION_PARAM_NAME = "_token"; |
|---|
| | | public static final String AUTHENTICATION_URL = "/auth/login"; |
|---|
| | | public static final String REFRESH_TOKEN_URL = "/auth/token"; |
|---|
| | | public static final String API_ROOT_URL = "/*/**"; |
|---|
| | | public static final String API_ROOT_URL = "/**/*"; |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | private RestAuthenticationEntryPoint authenticationEntryPoint; |
|---|
| | |
|---|
| | | .authorizeRequests() |
|---|
| | | .antMatchers(API_ROOT_URL).authenticated() // Protected API End-points |
|---|
| | | .and() |
|---|
| | | .addFilterBefore(new CustomCorsFilter(), ChannelProcessingFilter.class) |
|---|
| | | .addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class) |
|---|
| | | .addFilterBefore(buildLoginProcessingFilter(AUTHENTICATION_URL), UsernamePasswordAuthenticationFilter.class) |
|---|
| | | .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(permitAllEndpointList, |
|---|
| | | API_ROOT_URL), UsernamePasswordAuthenticationFilter.class); |
|---|
