Package com.almis.awe.autoconfigure
Class WebSecurityConfig
java.lang.Object
com.almis.awe.autoconfigure.WebSecurityConfig
@Configuration
@EnableWebSecurity
@Import({AweAutoConfiguration.class,SessionConfig.class})
@EnableMethodSecurity(securedEnabled=true)
@EnableConfigurationProperties({BaseConfigProperties.class,SecurityConfigProperties.class})
public class WebSecurityConfig
extends Object
Web security configuration class.
Used to configure security for web application.
-
Constructor Summary
ConstructorDescriptionWebSecurityConfig
(org.springframework.context.ApplicationContext context, BaseConfigProperties baseConfigProperties, SecurityConfigProperties securityConfigProperties, AweSessionDetails sessionDetails, AweElements elements, ActionService actionService, com.fasterxml.jackson.databind.ObjectMapper objectMapper) Web security config constructor. -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.security.web.access.AccessDeniedHandler
Access denied handler.org.springframework.security.web.AuthenticationEntryPoint
actionAuthenticationEntryPoint
(AweSessionDetails sessionDetails) Authentication entry point.org.springframework.security.authentication.AuthenticationManager
authenticationManager
(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authenticationConfiguration) org.springframework.security.web.SecurityFilterChain
filterChain
(org.springframework.security.config.annotation.web.builders.HttpSecurity httpSecurity) Awe Rest http security filter chainjsonAuthenticationFilter
(BaseConfigProperties baseConfigProperties, AweElements elements, ActionService actionService, com.fasterxml.jackson.databind.ObjectMapper objectMapper) Username and password authentication filterlogoutHandler
(AweSessionDetails sessionDetails) Logout handlerpublicQueryMaintainAuthorization
(AweElements elements) Query and Maintain public filter.org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
Constructor Details
-
WebSecurityConfig
@Autowired public WebSecurityConfig(org.springframework.context.ApplicationContext context, BaseConfigProperties baseConfigProperties, SecurityConfigProperties securityConfigProperties, AweSessionDetails sessionDetails, AweElements elements, ActionService actionService, com.fasterxml.jackson.databind.ObjectMapper objectMapper) Web security config constructor.- Parameters:
context
- Application contextbaseConfigProperties
- Base config propertiessecurityConfigProperties
- Security config propertiessessionDetails
- Session detailselements
- Awe elementsactionService
- Action serviceobjectMapper
- Object mapper
-
-
Method Details
-
filterChain
@Bean(name="aweSecurityFilterChain") public org.springframework.security.web.SecurityFilterChain filterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity httpSecurity) throws Exception Awe Rest http security filter chain- Parameters:
httpSecurity
- Http security- Returns:
- security filter chain
- Throws:
Exception
- Spring http security error
-
publicQueryMaintainAuthorization
@Bean @ConditionalOnMissingBean public PublicQueryMaintainAuthorization publicQueryMaintainAuthorization(AweElements elements) Query and Maintain public filter. Filter /action/maintain or /action/data to verify if target is public- Returns:
- PublicQueryMaintainFilter
-
authenticationManager
@Bean public org.springframework.security.authentication.AuthenticationManager authenticationManager(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authenticationConfiguration) throws Exception - Throws:
Exception
-
accessDeniedHandler
@Bean public org.springframework.security.web.access.AccessDeniedHandler accessDeniedHandler()Access denied handler. Handle forbidden access (403)- Returns:
- Access denied handler
-
actionAuthenticationEntryPoint
@Bean public org.springframework.security.web.AuthenticationEntryPoint actionAuthenticationEntryPoint(AweSessionDetails sessionDetails) Authentication entry point. Handle exceptions for awe actions- Parameters:
sessionDetails
- AWE session details- Returns:
- AuthenticationEntryPoint
-
logoutHandler
Logout handler- Parameters:
sessionDetails
- AWE session details- Returns:
- AweLogoutHandler
-
securityContextRepository
@Bean public org.springframework.security.web.context.HttpSessionSecurityContextRepository securityContextRepository() -
jsonAuthenticationFilter
@Bean public JsonAuthenticationFilter jsonAuthenticationFilter(BaseConfigProperties baseConfigProperties, AweElements elements, ActionService actionService, com.fasterxml.jackson.databind.ObjectMapper objectMapper) Username and password authentication filter- Returns:
- Json Authentication filter
-