/**
 * Spring Security wiring for the JWT-protected {@code /api} surface.
 *
 * <p>Authentication is done by {@link JwtAuthenticationTokenFilter}, inserted ahead of the
 * username/password filter and limited to the requests selected by
 * {@link #authenticationTokenFilterBean()}. Tokens are validated by two providers, consulted
 * in order: the company provider first, then the plain JWT provider.
 *
 * <p>NOTE(review): no {@code authorizeRequests()} rules are declared in this class, so the
 * filter's request matcher is the only place access is gated here. Requests it does not
 * select (methods other than GET/POST/PUT/DELETE, e.g. PATCH, HEAD or OPTIONS) are not
 * authenticated by this configuration; confirm that is intended, since HEAD is commonly
 * routed to GET handlers by the MVC layer.
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Every request the JWT filter may apply to lives under this prefix. */
    private static final String API_PATTERN = "/api/**";

    @Autowired
    private JwtAuthenticationProvider authenticationProvider;

    @Autowired
    private JwtCompanyAuthenticationProvider jwtCompanyAuthenticationProvider;

    /**
     * Authentication manager backing the JWT filter.
     *
     * <p>{@code ProviderManager} tries providers in list order, so the company provider gets
     * the first look at every token and the plain JWT provider is the fallback.
     *
     * @return a manager over the two JWT providers
     * @throws Exception propagated from the adapter contract
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManager() throws Exception {
        return new ProviderManager(
                Arrays.asList(jwtCompanyAuthenticationProvider, authenticationProvider));
    }

    /**
     * Builds the JWT filter and restricts it to the API requests that require a token.
     *
     * <p>Selected: GET, POST, DELETE and PUT under {@code /api/**}, except the login endpoints
     * {@code /api/login**} and {@code /api/login/callback}, which stay reachable without a
     * token.
     *
     * <p>NOTE(review): the trailing {@code **} of {@code /api/login**} sits inside the last
     * path segment, so the exemption also covers any path that merely starts with
     * {@code /api/login} (e.g. {@code /api/loginX}); verify no other endpoint shares that
     * prefix.
     *
     * @return the configured filter
     * @throws Exception propagated from {@link #authenticationManager()}
     */
    @Bean
    public JwtAuthenticationTokenFilter authenticationTokenFilterBean() throws Exception {
        JwtAuthenticationTokenFilter filter = new JwtAuthenticationTokenFilter(protectedApiRequests());
        filter.setAuthenticationManager(authenticationManager());
        filter.setAuthenticationSuccessHandler(jwtAuthenticationSuccessHandler());
        return filter;
    }

    /**
     * Matcher for "API request that must carry a token": one of the four listed methods under
     * {@code /api/**}, and not a login endpoint.
     */
    private RequestMatcher protectedApiRequests() {
        RequestMatcher anyListedMethod = new OrRequestMatcher(
                apiMatcher(HttpMethod.GET),
                apiMatcher(HttpMethod.POST),
                apiMatcher(HttpMethod.DELETE),
                apiMatcher(HttpMethod.PUT));
        // Login endpoints are exempt; both negations are evaluated before the method check.
        RequestMatcher notLogin = new NegatedRequestMatcher(
                new AntPathRequestMatcher("/api/login**"));
        RequestMatcher notCallback = new NegatedRequestMatcher(
                new AntPathRequestMatcher("/api/login/callback"));
        return new AndRequestMatcher(notCallback, notLogin, anyListedMethod);
    }

    /** Case-sensitive Ant matcher for {@code /api/**} restricted to a single HTTP method. */
    private static RequestMatcher apiMatcher(HttpMethod method) {
        return new AntPathRequestMatcher(API_PATTERN, method.name(), false);
    }

    /**
     * Static assets (any {@code .js} or {@code .html} file in the tree) skip the security filter
     * chain entirely.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/**/*.{js,html}");
    }

    /**
     * HTTP security: CSRF off, logout at {@code /logout}, a 401 entry point for failed
     * authentication, and the JWT filter placed before the username/password filter.
     *
     * <p>NOTE(review): disabling CSRF is the usual choice for a bearer-token API, but no session
     * creation policy is declared here, and with CSRF disabled Spring Security accepts
     * {@code /logout} over any HTTP method rather than POST only; confirm both are intended.
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable();
        httpSecurity.logout().logoutUrl("/logout");
        // Invoked when authentication/authorisation fails.
        httpSecurity.exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint());
        // Custom JWT based security filter.
        httpSecurity.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Entry point used when a request selected by the filter carries no valid token: answers
     * 401 with a fixed body and no further detail.
     */
    @Bean
    public AuthenticationEntryPoint jwtAuthenticationEntryPoint() {
        return (request, response, authException) ->
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
    }

    /**
     * Success handler that intentionally does nothing: a successful token check must not
     * redirect or write a response, the request simply continues.
     */
    @Bean
    public AuthenticationSuccessHandler jwtAuthenticationSuccessHandler() {
        return (request, response, authentication) -> {
            // Intentionally empty.
        };
    }
}