Search in sources :

Example 1 with AwsCognitoSecurityContextRepository

use of com.vsct.vboard.config.cognito.AwsCognitoSecurityContextRepository in project vboard by voyages-sncf-technologies.

the class WebSecurityConfig method configure.

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionAuthenticationStrategy(SESSION_AUTH_STRATEGY).sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
    http.csrf().disable();
    http.authorizeRequests().antMatchers("/pins/vblog").permitAll();
    if (KeycloakEnabledInEnv.evaluate()) {
        http.authenticationProvider(new KeycloakAuthenticationProvider());
        configureKeycloakSecurity(http);
    } else if (awsCognitoConfig.isEnabled()) {
        http.authenticationProvider(new AwsCognitoAuthenticationProvider(awsCognitoConfig)).securityContext().securityContextRepository(new AwsCognitoSecurityContextRepository(awsCognitoConfig));
    }
    if (isAuthEnabled()) {
        http.authorizeRequests().requestMatchers(new AntPathRequestMatcher("/**", "OPTIONS")).permitAll().requestMatchers(new AntPathRequestMatcher("/**", "GET")).permitAll().requestMatchers(new AntPathRequestMatcher("/pins/url", "POST")).permitAll().antMatchers("/**").authenticated();
    } else {
        http.authorizeRequests().antMatchers("/**").permitAll();
    }
}
Also used : AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) AwsCognitoAuthenticationProvider(com.vsct.vboard.config.cognito.AwsCognitoAuthenticationProvider) AwsCognitoSecurityContextRepository(com.vsct.vboard.config.cognito.AwsCognitoSecurityContextRepository) KeycloakAuthenticationProvider(org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider)

Aggregations

AwsCognitoAuthenticationProvider (com.vsct.vboard.config.cognito.AwsCognitoAuthenticationProvider)1 AwsCognitoSecurityContextRepository (com.vsct.vboard.config.cognito.AwsCognitoSecurityContextRepository)1 KeycloakAuthenticationProvider (org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider)1 AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher)1