
Example 6 with WebAuthenticationDetailsSource

Use of org.springframework.security.web.authentication.WebAuthenticationDetailsSource in project nzbhydra2 by theotherp.

Class SecurityConfig, method configure.

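/**
 * Builds the HTTP security rules from the application's base configuration.
 *
 * <p>The configuration is read once and every decision below (CSRF, authentication type,
 * remember-me) is taken from that single snapshot, so the resulting filter chain cannot mix
 * settings from two different configuration states.
 *
 * <p>Security-relevant choices made here:
 * <ul>
 *   <li>CSRF protection is optional and is switched off entirely when the setting is false.</li>
 *   <li>The X-Frame-Options header is never sent.</li>
 *   <li>With remember-me enabled, a persistent login token is issued on every successful login.</li>
 * </ul>
 *
 * @param http the security builder to configure
 * @throws Exception if one of the Spring Security configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // One snapshot for the whole method; the original re-read the provider for CSRF and remember-me.
    BaseConfig baseConfig = configProvider.getBaseConfig();

    if (baseConfig.getMain().isUseCsrf()) {
        // withHttpOnlyFalse() leaves the token cookie readable by client-side script so a
        // JavaScript front end can echo it back in a request header.
        http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    } else {
        // With CSRF off, session- and remember-me-authenticated requests carry no anti-forgery token.
        http.csrf().disable();
    }

    // No X-Frame-Options header is emitted, so any origin may frame these pages.
    // NOTE(review): confirm embedding is intended; sameOrigin() would be the narrower setting.
    http.headers().frameOptions().disable();

    // Both login mechanisms attach the same application-specific details object to the
    // authentication request.
    WebAuthenticationDetailsSource detailsSource = new WebAuthenticationDetailsSource() {

        @Override
        public WebAuthenticationDetails buildDetails(HttpServletRequest context) {
            return new HydraWebAuthenticationDetails(context);
        }
    };

    if (baseConfig.getAuth().getAuthType() == AuthType.BASIC) {
        http = http.httpBasic()
                .authenticationDetailsSource(detailsSource)
                .and()
                .logout().logoutUrl("/logout")
                .and();
    } else if (baseConfig.getAuth().getAuthType() == AuthType.FORM) {
        // "/internalapi/userinfos" is reachable without authentication.
        // NOTE(review): verify that endpoint exposes nothing sensitive to anonymous callers.
        http = http.authorizeRequests()
                .antMatchers("/internalapi/userinfos").permitAll()
                .and()
                .formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll()
                .authenticationDetailsSource(detailsSource)
                .and()
                .logout().permitAll().logoutUrl("/logout").deleteCookies("rememberMe")
                .and();
    }

    if (baseConfig.getAuth().isAuthConfigured()) {
        enableAnonymousAccessIfConfigured(http);
        if (baseConfig.getAuth().isRememberUsers()) {
            // Persistent remember-me tokens are kept in the application's data source.
            JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
            tokenRepository.setDataSource(dataSource());
            // alwaysRemember(true): a token is issued on every successful login, whether or not
            // the login request asked for it.
            // NOTE(review): if both operands are int, a large day count overflows the validity
            // period - confirm the configuration bounds this value.
            http = http.rememberMe()
                    .alwaysRemember(true)
                    .tokenValiditySeconds(baseConfig.getAuth().getRememberMeValidityDays() * SECONDS_PER_DAY)
                    .tokenRepository(tokenRepository)
                    .and();
        }
        // Logout is configured again here: it redirects to "/" and clears the remember-me cookie.
        http.logout().logoutUrl("/logout").logoutSuccessUrl("/").deleteCookies("rememberMe");
    }

    http.exceptionHandling().accessDeniedHandler(authAndAccessEventHandler);
}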
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails) JdbcTokenRepositoryImpl(org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl) BaseConfig(org.nzbhydra.config.BaseConfig) WebAuthenticationDetailsSource(org.springframework.security.web.authentication.WebAuthenticationDetailsSource)
