Class WebSecurityConfig

java.lang.Object
com.almis.awe.autoconfigure.WebSecurityConfig

@Configuration @EnableWebSecurity @Import({AweAutoConfiguration.class,SessionConfig.class}) @EnableMethodSecurity(securedEnabled=true) @EnableConfigurationProperties({BaseConfigProperties.class,SecurityConfigProperties.class}) public class WebSecurityConfig extends Object
Web security configuration class. Used to configure security for web application.
  • Constructor Details

    • WebSecurityConfig

      @Autowired public WebSecurityConfig(org.springframework.context.ApplicationContext context, BaseConfigProperties baseConfigProperties, SecurityConfigProperties securityConfigProperties, AweSessionDetails sessionDetails, AweElements elements, ActionService actionService, com.fasterxml.jackson.databind.ObjectMapper objectMapper)
      Web security config constructor.
      Parameters:
      context - Application context
      baseConfigProperties - Base config properties
      securityConfigProperties - Security config properties
      sessionDetails - Session details
      elements - Awe elements
      actionService - Action service
      objectMapper - Object mapper
  • Method Details

    • filterChain

      @Bean(name="aweSecurityFilterChain") public org.springframework.security.web.SecurityFilterChain filterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity httpSecurity) throws Exception
      Awe Rest http security filter chain
      Parameters:
      httpSecurity - Http security
      Returns:
      security filter chain
      Throws:
      Exception - Spring http security error
    • publicQueryMaintainAuthorization

      @Bean @ConditionalOnMissingBean public PublicQueryMaintainAuthorization publicQueryMaintainAuthorization(AweElements elements)
      Query and Maintain public filter. Filter /action/maintain or /action/data to verify if target is public
      Returns:
      PublicQueryMaintainFilter
    • authenticationManager

      @Bean public org.springframework.security.authentication.AuthenticationManager authenticationManager(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authenticationConfiguration) throws Exception
      Throws:
      Exception
    • accessDeniedHandler

      @Bean public org.springframework.security.web.access.AccessDeniedHandler accessDeniedHandler()
      Access denied handler. Handle forbidden access (403)
      Returns:
      Access denied handler
    • actionAuthenticationEntryPoint

      @Bean public org.springframework.security.web.AuthenticationEntryPoint actionAuthenticationEntryPoint(AweSessionDetails sessionDetails)
      Authentication entry point. Handle exceptions for awe actions
      Parameters:
      sessionDetails - AWE session details
      Returns:
      AuthenticationEntryPoint
    • logoutHandler

      @Bean public AweLogoutHandler logoutHandler(AweSessionDetails sessionDetails)
      Logout handler
      Parameters:
      sessionDetails - AWE session details
      Returns:
      AweLogoutHandler
    • securityContextRepository

      @Bean public org.springframework.security.web.context.HttpSessionSecurityContextRepository securityContextRepository()
    • jsonAuthenticationFilter

      @Bean public JsonAuthenticationFilter jsonAuthenticationFilter(BaseConfigProperties baseConfigProperties, AweElements elements, ActionService actionService, com.fasterxml.jackson.databind.ObjectMapper objectMapper)
      Username and password authentication filter
      Returns:
      Json Authentication filter