Use of org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter in project molgenis by molgenis.
From the class MolgenisWebAppSecurityConfig, method configure.
/**
 * Configures the HTTP security chain: response headers, session handling, the custom
 * authentication filters and providers, URL authorization rules, HTTP basic and form login,
 * and logout behaviour.
 *
 * <p>Ordering is significant throughout. Filters are registered relative to other filters, and
 * URL authorization rules are matched in declaration order (the first matching rule decides),
 * so statements and matchers must not be reordered casually.
 *
 * @param http the security builder to configure
 * @throws Exception if any of the configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
  // Static resources (css, js, img, fonts) are excluded from the no-cache headers; every other
  // request gets the cache control headers written.
  RequestMatcher staticResources =
      new OrRequestMatcher(
          new AntPathRequestMatcher(PATTERN_CSS),
          new AntPathRequestMatcher(PATTERN_JS),
          new AntPathRequestMatcher(PATTERN_IMG),
          new AntPathRequestMatcher(PATTERN_FONTS));
  RequestMatcher nonStaticResources = new NegatedRequestMatcher(staticResources);
  DelegatingRequestMatcherHeaderWriter noCacheForDynamicContent =
      new DelegatingRequestMatcherHeaderWriter(nonStaticResources, new CacheControlHeadersWriter());

  http.sessionManagement().invalidSessionStrategy(invalidSessionStrategy());

  // Explicitly enable the header writers wanted (nosniff, XSS protection, HSTS, frame options)
  // and plug in the path-aware cache control writer built above.
  http.headers()
      .contentTypeOptions()
      .and()
      .xssProtection()
      .and()
      .httpStrictTransportSecurity()
      .and()
      .frameOptions()
      .and()
      .addHeaderWriter(noCacheForDynamicContent);

  // Filter and provider registration. Later registrations refer to filter classes added by
  // earlier ones (e.g. TokenAuthenticationFilter), so the sequence is kept as is.
  http.addFilterBefore(anonymousAuthFilter(), AnonymousAuthenticationFilter.class);
  http.authenticationProvider(anonymousAuthenticationProvider());
  http.authenticationProvider(tokenAuthenticationProvider());
  http.authenticationProvider(runAsAuthenticationProvider());
  http.addFilterBefore(tokenAuthenticationFilter(), AnonymousAuthenticationFilter.class);
  http.addFilterBefore(googleAuthenticationProcessingFilter(), TokenAuthenticationFilter.class);
  http.addFilterAfter(changePasswordFilter(), SwitchUserFilter.class);
  http.addFilterAfter(twoFactorAuthenticationFilter(), MolgenisChangePasswordFilter.class);
  http.authenticationProvider(twoFactorAuthenticationProvider());
  http.authenticationProvider(recoveryAuthenticationProvider());

  ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRules =
      http.authorizeRequests();
  // Rules contributed by configureUrlAuthorization are registered first and therefore take
  // precedence over the rules below.
  configureUrlAuthorization(urlRules);

  urlRules
      .antMatchers(MolgenisLoginController.URI)
      .permitAll()
      .antMatchers(TwoFactorAuthenticationController.URI + "/**")
      .permitAll()
      .antMatchers(GOOGLE_AUTHENTICATION_URL)
      .permitAll()
      .antMatchers("/beacon/**")
      .permitAll()
      .antMatchers("/logo/**")
      .permitAll()
      .antMatchers("/molgenis.py")
      .permitAll()
      .antMatchers("/molgenis.R")
      .permitAll()
      // The change-password rule must stay ahead of the broader "/account/**" rule so that it
      // is the one that matches (presumably the URI lives under /account - confirm).
      .antMatchers(AccountController.CHANGE_PASSWORD_URI)
      .authenticated()
      .antMatchers("/account/**")
      .permitAll()
      .antMatchers(PATTERN_SWAGGER)
      .permitAll()
      .antMatchers(PATTERN_CSS)
      .permitAll()
      .antMatchers(PATTERN_IMG)
      .permitAll()
      .antMatchers(PATTERN_JS)
      .permitAll()
      .antMatchers(PATTERN_FONTS)
      .permitAll()
      .antMatchers("/html/**")
      .permitAll()
      .antMatchers("/plugin/void/**")
      .permitAll()
      // NOTE(review): "/api/**" is open at the URL layer, so nothing here requires a login for
      // API calls; presumably authorization is enforced further down (token filter, method or
      // data-level permissions) - confirm that every API endpoint is covered.
      .antMatchers("/api/**")
      .permitAll()
      .antMatchers("/webjars/**")
      .permitAll()
      .antMatchers("/search")
      .permitAll()
      .antMatchers("/captcha")
      .permitAll()
      .antMatchers("/dataindexerstatus")
      .authenticated()
      // NOTE(review): the permission read/write paths are also open at this layer; verify that
      // the handlers behind them perform their own access checks.
      .antMatchers("/permission/**/read/**")
      .permitAll()
      .antMatchers("/permission/**/write/**")
      .permitAll()
      .antMatchers("/scripts/**/run")
      .authenticated()
      .antMatchers("/scripts/**/start")
      .authenticated()
      .antMatchers("/files/**")
      .permitAll()
      .antMatchers('/' + PATH_SEGMENT_APPS + "/**")
      .permitAll()
      // Default deny: any URL not listed above (or by configureUrlAuthorization) is rejected.
      .anyRequest()
      .denyAll()
      .and()
      .httpBasic()
      .authenticationEntryPoint(authenticationEntryPoint())
      .and()
      .formLogin()
      .loginPage(MolgenisLoginController.URI)
      .failureUrl(MolgenisLoginController.URI + "?error")
      .and()
      .logout()
      .deleteCookies("JSESSIONID")
      .addLogoutHandler(
          (request, response, authentication) -> {
            // Carry the "unsupported browser" choice over from the session to the request so
            // the success handler below can still see it (presumably the session is gone by
            // then - confirm).
            if (request.getSession(false) != null
                && request.getSession().getAttribute("continueWithUnsupportedBrowser") != null) {
              request.setAttribute("continueWithUnsupportedBrowser", true);
            }
          })
      .logoutSuccessHandler(
          (request, response, authentication) -> {
            // The redirect target is assembled from constants only; no request-supplied URL is
            // used.
            String targetUrl = "/";
            if (request.getAttribute("continueWithUnsupportedBrowser") != null) {
              targetUrl = targetUrl + "?continueWithUnsupportedBrowser=true";
            }
            SimpleUrlLogoutSuccessHandler redirectHandler = new SimpleUrlLogoutSuccessHandler();
            redirectHandler.setDefaultTargetUrl(targetUrl);
            redirectHandler.onLogoutSuccess(request, response, authentication);
          })
      .and()
      // NOTE(review): CSRF protection is switched off for the whole application, including the
      // cookie-backed form login session. Confirm that state-changing endpoints are protected
      // by another control before relying on this configuration.
      .csrf()
      .disable();
}