christoph/lecture-professional-software-development
1
Fork 0
Code Activity

Delete SecurityConfig.java

Browse Source
This commit is contained in:
killerber4t
2020-03-04 14:12:45 +01:00
committed by GitHub
parent e1ad60ef0b
commit 3ce45523ba
1 changed files with 0 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
src/main/java/mops/gruppen2/SecurityConfig.java
View File

@ -1,81 +0,0 @@
package mops.gruppen2;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.representations.AccessToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.*;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
KeycloakAuthenticationProvider keycloakAuthenticationProvider
= keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(
new SessionRegistryImpl());
}
@Bean
@Scope(scopeName = WebApplicationContext.SCOPE_REQUEST,
proxyMode = ScopedProxyMode.TARGET_CLASS)
public AccessToken getAccessToken() {
HttpServletRequest request =
((ServletRequestAttributes) RequestContextHolder
.currentRequestAttributes()).getRequest();
return ((KeycloakPrincipal) request.getUserPrincipal())
.getKeycloakSecurityContext().getToken();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests()
.antMatchers("/actuator/**")
.hasRole("monitoring")
.anyRequest()
.permitAll();
}
/**
* Declaring this class enables us to use the Spring specific
* {@link org.springframework.security.access.annotation.Secured} annotation
* or the JSR-250 Java Standard
* {@link javax.annotation.security.RolesAllowed} annotation
* for Role-based authorization
*/
@Configuration
@EnableGlobalMethodSecurity(
prePostEnabled = true,
securedEnabled = true,
jsr250Enabled = true)
public static class MethodSecurityConfig
extends GlobalMethodSecurityConfiguration {
}
}