Example 1 with APIKeyAuthFilter
use of alfio.config.authentication.support.APIKeyAuthFilter in project alf.io by alfio-event.
the class APITokenAuthWebSecurity method configure.
// https://stackoverflow.com/a/48448901
@Override
protected void configure(HttpSecurity http) throws Exception {
APIKeyAuthFilter filter = new APIKeyAuthFilter();
filter.setAuthenticationManager(authentication -> {
//
String apiKey = (String) authentication.getPrincipal();
// check if user type ->
User user = userRepository.findByUsername(apiKey).orElseThrow(() -> new BadCredentialsException("Api key " + apiKey + " don't exists"));
if (!user.isEnabled()) {
throw new DisabledException("Api key " + apiKey + " is disabled");
}
if (User.Type.API_KEY != user.getType()) {
throw new WrongAccountTypeException("Wrong account type for username " + apiKey);
}
if (!user.isCurrentlyValid(ZonedDateTime.now(ClockProvider.clock()))) {
throw new DisabledException("Api key " + apiKey + " is expired");
}
return new APITokenAuthentication(authentication.getPrincipal(), authentication.getCredentials(), authorityRepository.findRoles(apiKey).stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList()));
});
http.requestMatcher(RequestTypeMatchers::isTokenAuthentication).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().csrf().disable().authorizeRequests().antMatchers(ADMIN_PUBLIC_API + "/**").hasRole(API_CLIENT).antMatchers(ADMIN_API + "/check-in/**").hasAnyRole(OPERATOR, SUPERVISOR).antMatchers(HttpMethod.GET, ADMIN_API + "/events").hasAnyRole(OPERATOR, SUPERVISOR, AuthenticationConstants.SPONSOR).antMatchers(HttpMethod.GET, ADMIN_API + "/user-type", ADMIN_API + "/user/details").hasAnyRole(OPERATOR, SUPERVISOR, AuthenticationConstants.SPONSOR).antMatchers(ADMIN_API + "/**").denyAll().antMatchers(HttpMethod.POST, "/api/attendees/sponsor-scan").hasRole(AuthenticationConstants.SPONSOR).antMatchers(HttpMethod.GET, "/api/attendees/*/ticket/*").hasAnyRole(OPERATOR, SUPERVISOR, API_CLIENT).antMatchers("/**").authenticated().and().addFilter(filter);
}
Also used :
APIKeyAuthFilter(alfio.config.authentication.support.APIKeyAuthFilter)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
User(alfio.model.user.User)
RequestTypeMatchers(alfio.config.authentication.support.RequestTypeMatchers)
APITokenAuthentication(alfio.config.authentication.support.APITokenAuthentication)
DisabledException(org.springframework.security.authentication.DisabledException)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
WrongAccountTypeException(alfio.config.authentication.support.WrongAccountTypeException)
Aggregations
APIKeyAuthFilter (alfio.config.authentication.support.APIKeyAuthFilter)1
APITokenAuthentication (alfio.config.authentication.support.APITokenAuthentication)1
RequestTypeMatchers (alfio.config.authentication.support.RequestTypeMatchers)1
WrongAccountTypeException (alfio.config.authentication.support.WrongAccountTypeException)1
User (alfio.model.user.User)1
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)1
DisabledException (org.springframework.security.authentication.DisabledException)1
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)1
