mirror of
https://github.com/anthonyraymond/joal.git
synced 2024-09-20 07:16:26 +08:00
Merge pull request #1 from anthonyraymond/laur89/master
- this is a merge from upstream back to PR #1
This commit is contained in:
commit
ac2ae03f21
14
pom.xml
14
pom.xml
|
@ -57,20 +57,12 @@
|
|||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-web</artifactId>
|
||||
<exclusions>
|
||||
<!--<exclusion>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-tomcat</artifactId>
|
||||
</exclusion>-->
|
||||
<exclusion>
|
||||
<groupId>org.hibernate.validator</groupId>
|
||||
<artifactId>hibernate-validator</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<!--<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-undertow</artifactId>
|
||||
</dependency>-->
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-websocket</artifactId>
|
||||
|
@ -119,17 +111,14 @@
|
|||
<dependency>
|
||||
<groupId>org.apache.commons</groupId>
|
||||
<artifactId>commons-lang3</artifactId>
|
||||
<!--<version>${commons-lang3.version}</version> inherit version from parent -->
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
<!--<version>${commons-codec.version}</version> inherit version from parent -->
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.httpcomponents</groupId>
|
||||
<artifactId>fluent-hc</artifactId>
|
||||
<!--<version>${httpclient.version}</version> inherit version from parent -->
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.projectlombok</groupId>
|
||||
|
@ -151,13 +140,11 @@
|
|||
<dependency>
|
||||
<groupId>org.mockito</groupId>
|
||||
<artifactId>mockito-core</artifactId>
|
||||
<!-- Version inherited from spring-boot-starter-test -->
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.assertj</groupId>
|
||||
<artifactId>assertj-core</artifactId>
|
||||
<!--<version>${assertj.version}</version> inherit version from parent -->
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
@ -167,7 +154,6 @@
|
|||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-compiler-plugin</artifactId>
|
||||
<!--<version>${maven-compiler-plugin.version}</version> inherit version from parent -->
|
||||
<configuration>
|
||||
<source>${java.version}</source>
|
||||
<target>${java.version}</target>
|
||||
|
|
|
@ -2,17 +2,23 @@ package org.araymond.joal.web.config.security;
|
|||
|
||||
import org.araymond.joal.web.annotations.ConditionalOnWebUi;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
/**
|
||||
* Created by raymo on 29/07/2017.
|
||||
*/
|
||||
@ConditionalOnWebUi
|
||||
@EnableWebSecurity
|
||||
@Configuration
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
public class WebSecurityConfig {
|
||||
private final String pathPrefix;
|
||||
private final boolean shouldDisableFrameOptions;
|
||||
|
||||
|
@ -24,19 +30,27 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
this.shouldDisableFrameOptions = shouldDisableFrameOptions;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(final HttpSecurity http) throws Exception {
|
||||
@Bean
|
||||
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
if (this.shouldDisableFrameOptions) {
|
||||
http.headers().frameOptions().disable();
|
||||
}
|
||||
|
||||
http
|
||||
return http
|
||||
.httpBasic().disable()
|
||||
.formLogin().disable()
|
||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/" + this.pathPrefix).permitAll()
|
||||
.antMatchers("/" + this.pathPrefix + "/ui/**").permitAll()
|
||||
.anyRequest().denyAll();
|
||||
.anyRequest().denyAll()
|
||||
.and().build();
|
||||
}
|
||||
|
||||
// Provide an empty UserDetailService to prevent spring from injecting a default one with a valid random password.
|
||||
@Bean
|
||||
public InMemoryUserDetailsManager userDetailsService() {
|
||||
return new InMemoryUserDetailsManager();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue