use of org.springframework.security.web.authentication.WebAuthenticationDetailsSource in project nzbhydra2 by theotherp.
the class SecurityConfig method configure.
@Override
protected void configure(HttpSecurity http) throws Exception {
BaseConfig baseConfig = configProvider.getBaseConfig();
if (configProvider.getBaseConfig().getMain().isUseCsrf()) {
http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
} else {
http.csrf().disable();
}
http.headers().frameOptions().disable();
if (baseConfig.getAuth().getAuthType() == AuthType.BASIC) {
http = http.httpBasic().authenticationDetailsSource(new WebAuthenticationDetailsSource() {
@Override
public WebAuthenticationDetails buildDetails(HttpServletRequest context) {
return new HydraWebAuthenticationDetails(context);
}
}).and().logout().logoutUrl("/logout").and();
} else if (baseConfig.getAuth().getAuthType() == AuthType.FORM) {
http = http.authorizeRequests().antMatchers("/internalapi/userinfos").permitAll().and().formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll().authenticationDetailsSource(new WebAuthenticationDetailsSource() {
@Override
public WebAuthenticationDetails buildDetails(HttpServletRequest context) {
return new HydraWebAuthenticationDetails(context);
}
}).and().logout().permitAll().logoutUrl("/logout").deleteCookies("rememberMe").and();
}
if (baseConfig.getAuth().isAuthConfigured()) {
enableAnonymousAccessIfConfigured(http);
if (baseConfig.getAuth().isRememberUsers()) {
JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
tokenRepository.setDataSource(dataSource());
http = http.rememberMe().alwaysRemember(true).tokenValiditySeconds(configProvider.getBaseConfig().getAuth().getRememberMeValidityDays() * SECONDS_PER_DAY).tokenRepository(tokenRepository).and();
}
http.logout().logoutUrl("/logout").logoutSuccessUrl("/").deleteCookies("rememberMe");
}
http.exceptionHandling().accessDeniedHandler(authAndAccessEventHandler);
}
Aggregations