11package example ;
22
3- import java .util .ArrayList ;
4- import java .util .Arrays ;
5- import java .util .Collection ;
6- import java .util .HashSet ;
7- import java .util .List ;
8- import java .util .Map ;
9- import java .util .Set ;
10- import java .util .concurrent .ConcurrentHashMap ;
11-
3+ import example .xauth .XAuthTokenConfigurer ;
124import org .springframework .boot .SpringApplication ;
135import org .springframework .boot .autoconfigure .EnableAutoConfiguration ;
146import org .springframework .context .annotation .Bean ;
157import org .springframework .context .annotation .ComponentScan ;
168import org .springframework .context .annotation .Configuration ;
179import org .springframework .core .annotation .Order ;
1810import org .springframework .security .authentication .AuthenticationManager ;
11+ import org .springframework .security .config .annotation .SecurityConfigurer ;
1912import org .springframework .security .config .annotation .authentication .builders .AuthenticationManagerBuilder ;
2013import org .springframework .security .config .annotation .web .builders .HttpSecurity ;
2114import org .springframework .security .config .annotation .web .configuration .EnableWebSecurity ;
2720import org .springframework .security .core .userdetails .UserDetails ;
2821import org .springframework .security .core .userdetails .UserDetailsService ;
2922import org .springframework .security .core .userdetails .UsernameNotFoundException ;
23+ import org .springframework .security .web .DefaultSecurityFilterChain ;
3024import org .springframework .web .bind .annotation .PathVariable ;
3125import org .springframework .web .bind .annotation .RequestMapping ;
3226import org .springframework .web .bind .annotation .RestController ;
3327
34- import example .xauth .XAuthTokenConfigurer ;
28+ import java .util .*;
29+ import java .util .concurrent .ConcurrentHashMap ;
3530
3631@ ComponentScan
3732@ EnableAutoConfiguration
3833public class Application {
3934
40- public static void main (String [] args ) {
41- SpringApplication .run (Application .class , args );
42- }
35+ public static void main (String [] args ) {
36+ SpringApplication .run (Application .class , args );
37+ }
4338}
4439
4540@ EnableWebMvcSecurity
@@ -48,158 +43,160 @@ public static void main(String[] args) {
4843@ Order
4944class WebSecurityConfig extends WebSecurityConfigurerAdapter {
5045
51- @ Override
52- protected void configure (HttpSecurity http ) throws Exception {
53-
54- http .csrf ().disable ();
55- http .sessionManagement ().sessionCreationPolicy (SessionCreationPolicy .STATELESS );
56-
57- String [] restEndpointsToSecure = { NewsController .NEWS_COLLECTION };
58- for (String endpoint : restEndpointsToSecure ) {
59- http .authorizeRequests ().antMatchers ("/" + endpoint + "/**" ).hasRole (CustomUserDetailsService .ROLE_USER );
60- }
61-
62- http .apply (new XAuthTokenConfigurer (userDetailsServiceBean ()));
63- }
64-
65- @ Override
66- protected void configure (AuthenticationManagerBuilder authManagerBuilder ) throws Exception {
67- authManagerBuilder .userDetailsService (new CustomUserDetailsService ());
68- }
69-
70- @ Bean
71- @ Override
72- public UserDetailsService userDetailsServiceBean () throws Exception {
73- return super .userDetailsServiceBean ();
74- }
75-
76- @ Bean
77- @ Override
78- public AuthenticationManager authenticationManagerBean () throws Exception {
79- return super .authenticationManagerBean ();
80- }
46+ @ Override
47+ protected void configure (HttpSecurity http ) throws Exception {
48+
49+ http .csrf ().disable ();
50+ http .sessionManagement ().sessionCreationPolicy (SessionCreationPolicy .STATELESS );
51+
52+ String [] restEndpointsToSecure = {NewsController .NEWS_COLLECTION };
53+ for (String endpoint : restEndpointsToSecure ) {
54+ http .authorizeRequests ().antMatchers ("/" + endpoint + "/**" ).hasRole (CustomUserDetailsService .ROLE_USER );
55+ }
56+
57+ SecurityConfigurer <DefaultSecurityFilterChain , HttpSecurity > securityConfigurerAdapter = new XAuthTokenConfigurer (userDetailsServiceBean ());
58+ http .apply (securityConfigurerAdapter );
59+ }
60+
61+ @ Override
62+ protected void configure (AuthenticationManagerBuilder authManagerBuilder ) throws Exception {
63+ authManagerBuilder .userDetailsService (new CustomUserDetailsService ());
64+ }
65+
66+ @ Bean
67+ @ Override
68+ public UserDetailsService userDetailsServiceBean () throws Exception {
69+ return super .userDetailsServiceBean ();
70+ }
71+
72+ @ Bean
73+ @ Override
74+ public AuthenticationManager authenticationManagerBean () throws Exception {
75+ return super .authenticationManagerBean ();
76+ }
8177}
8278
8379class CustomUserDetailsService implements UserDetailsService {
8480
85- public static final String ROLE_ADMIN = "ADMIN" ;
86- public static final String ROLE_USER = "USER" ;
87-
88- @ SuppressWarnings ("serial" )
89- static class SimpleUserDetails implements UserDetails {
90-
91- private String username ;
92- private String password ;
93- private boolean enabled = true ;
94- private Set <GrantedAuthority > authorities = new HashSet <GrantedAuthority >();
95-
96- public SimpleUserDetails (String username , String pw , String ... extraRoles ) {
97- this .username = username ;
98- this .password = pw ;
99-
100- // setup roles
101- Set <String > roles = new HashSet <String >();
102- roles .addAll (Arrays .<String > asList (null == extraRoles ? new String [0 ] : extraRoles ));
103-
104- // export them as part of authorities
105- for (String r : roles )
106- authorities .add (new SimpleGrantedAuthority (role (r )));
107-
108- }
109-
110- public String toString () {
111- return "{enabled:" + isEnabled () + ", username:'" + getUsername () + "', password:'" + getPassword () + "'}" ;
112- }
113-
114- @ Override
115- public boolean isEnabled () {
116- return this .enabled ;
117- }
118-
119- @ Override
120- public boolean isCredentialsNonExpired () {
121- return this .enabled ;
122- }
123-
124- @ Override
125- public boolean isAccountNonLocked () {
126- return this .enabled ;
127- }
128-
129- @ Override
130- public boolean isAccountNonExpired () {
131- return this .enabled ;
132- }
133-
134- @ Override
135- public String getUsername () {
136- return this .username ;
137- }
138-
139- @ Override
140- public String getPassword () {
141- return this .password ;
142- }
143-
144- private String role (String i ) {
145- return "ROLE_" + i ;
146- }
147-
148- @ Override
149- public Collection <? extends GrantedAuthority > getAuthorities () {
150- return this .authorities ;
151- }
152- }
153-
154- private List <UserDetails > details = Arrays .<UserDetails > asList (new SimpleUserDetails ("user" , "user" , ROLE_USER ), new SimpleUserDetails ("admin" , "admin" , ROLE_USER , ROLE_ADMIN ));
155-
156- @ Override
157- public UserDetails loadUserByUsername (String username ) throws UsernameNotFoundException {
158- for (UserDetails details : this .details )
159- if (details .getUsername ().equalsIgnoreCase (username ))
160- return details ;
161-
162- return null ;
163- }
81+ public static final String ROLE_ADMIN = "ADMIN" ;
82+ public static final String ROLE_USER = "USER" ;
83+
84+ @ SuppressWarnings ("serial" )
85+ static class SimpleUserDetails implements UserDetails {
86+
87+ private String username ;
88+ private String password ;
89+ private boolean enabled = true ;
90+ private Set <GrantedAuthority > authorities = new HashSet <GrantedAuthority >();
91+
92+ public SimpleUserDetails (String username , String pw , String ... extraRoles ) {
93+ this .username = username ;
94+ this .password = pw ;
95+
96+ // setup roles
97+ Set <String > roles = new HashSet <String >();
98+ roles .addAll (Arrays .<String >asList (null == extraRoles ? new String [0 ] : extraRoles ));
99+
100+ // export them as part of authorities
101+ for (String r : roles ) {
102+ authorities .add (new SimpleGrantedAuthority (role (r )));
103+ }
104+
105+ }
106+
107+ public String toString () {
108+ return "{enabled:" + isEnabled () + ", username:'" + getUsername () + "', password:'" + getPassword () + "'}" ;
109+ }
110+
111+ @ Override
112+ public boolean isEnabled () {
113+ return this .enabled ;
114+ }
115+
116+ @ Override
117+ public boolean isCredentialsNonExpired () {
118+ return this .enabled ;
119+ }
120+
121+ @ Override
122+ public boolean isAccountNonLocked () {
123+ return this .enabled ;
124+ }
125+
126+ @ Override
127+ public boolean isAccountNonExpired () {
128+ return this .enabled ;
129+ }
130+
131+ @ Override
132+ public String getUsername () {
133+ return this .username ;
134+ }
135+
136+ @ Override
137+ public String getPassword () {
138+ return this .password ;
139+ }
140+
141+ private String role (String i ) {
142+ return "ROLE_" + i ;
143+ }
144+
145+ @ Override
146+ public Collection <? extends GrantedAuthority > getAuthorities () {
147+ return this .authorities ;
148+ }
149+ }
150+
151+ private List <UserDetails > details = Arrays .<UserDetails >asList (new SimpleUserDetails ("user" , "user" , ROLE_USER ), new SimpleUserDetails ("admin" , "admin" , ROLE_USER , ROLE_ADMIN ));
152+
153+ @ Override
154+ public UserDetails loadUserByUsername (String username ) throws UsernameNotFoundException {
155+ for (UserDetails details : this .details )
156+ if (details .getUsername ().equalsIgnoreCase (username ))
157+ return details ;
158+
159+ return null ;
160+ }
164161}
165162
166163@ RestController
167164class NewsController {
168- private Map <Long , NewsEntry > entries = new ConcurrentHashMap <Long , NewsEntry >();
169-
170- public static final String NEWS_COLLECTION = "news" ;
171-
172- @ RequestMapping ("/" + NEWS_COLLECTION )
173- public Collection <NewsEntry > entries () {
174- return this .entries .values ();
175- }
176-
177- @ RequestMapping ("/" + NEWS_COLLECTION + "/{id}" )
178- public NewsEntry entry (@ PathVariable Long id ) {
179- return this .entries .get (id );
180- }
181-
182- public NewsController () {
183- for (long i = 0 ; i < 5 ; i ++)
184- this .entries .put (i , new NewsEntry (i , "Title #" + i ));
185- }
186-
187- public static class NewsEntry {
188- private long id ;
189- private String content ;
190-
191- public NewsEntry (long id , String b ) {
192- this .id = id ;
193- this .content = b ;
194- }
195-
196- public long getId () {
197- return this .id ;
198- }
199-
200- public String getContent () {
201- return this .content ;
202- }
203- }
165+ private Map <Long , NewsEntry > entries = new ConcurrentHashMap <Long , NewsEntry >();
166+
167+ public static final String NEWS_COLLECTION = "news" ;
168+
169+ @ RequestMapping ("/" + NEWS_COLLECTION )
170+ public Collection <NewsEntry > entries () {
171+ return this .entries .values ();
172+ }
173+
174+ @ RequestMapping ("/" + NEWS_COLLECTION + "/{id}" )
175+ public NewsEntry entry (@ PathVariable Long id ) {
176+ return this .entries .get (id );
177+ }
178+
179+ public NewsController () {
180+ for (long i = 0 ; i < 5 ; i ++)
181+ this .entries .put (i , new NewsEntry (i , "Title #" + i ));
182+ }
183+
184+ public static class NewsEntry {
185+ private long id ;
186+ private String content ;
187+
188+ public NewsEntry (long id , String b ) {
189+ this .id = id ;
190+ this .content = b ;
191+ }
192+
193+ public long getId () {
194+ return this .id ;
195+ }
196+
197+ public String getContent () {
198+ return this .content ;
199+ }
200+ }
204201
205202}
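Review bot: `SimpleUserDetails.toString()` (new line 108) still concatenates `getPassword()` into its result, so any log statement or error message that prints the principal will carry the plaintext password. Drop that field: `return "{enabled:" + isEnabled() + ", username:'" + getUsername() + "'}";`. In the same file, `loadUserByUsername` (new line 159) ends with `return null;` although it declares `UsernameNotFoundException`. The `UserDetailsService` contract expects a throw for an unknown name, and the token configurer built from `userDetailsServiceBean()` presumably uses the returned object without a null check (its code is not part of this page), so prefer `throw new UsernameNotFoundException("unknown user");`. As a style point, the new `import java.util.*;` replaces the explicit imports with a wildcard; keeping the explicit list makes it clear which types the file depends on.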