java source code of BaseWebSecurityConfig

jump-the-queue-master
- CONTRIBUTING_GUIDE.asciidoc
- angular
  - devon.json
  - src
    - tsconfig.spec.json
    - styles.css
    - tslint.json
    - theme.scss
    - favicon.ico
    - polyfills.ts
    - browserslist
    - tsconfig.app.json
    - main.ts
    - index.html
    - test.ts
    - app
      - app.component.css
      - app.component.html
      - view-queue
        view-queue.component.ts
        services
        queue.service.ts
        access-code.service.spec.ts
        access-code.service.ts
        queue.service.spec.ts
        view-queue.component.html
        view-queue.component.css
        view-queue.component.spec.ts
      - app.component.spec.ts
      - layout
        header
        header.component.html
        header.component.spec.ts
        header.component.ts
        header.component.css
      - config.ts
      - form-login
        form-login.component.spec.ts
        form-login-module.ts
        form-login.component.html
        form-login.component.css
        components
        login
        login.component.css
        services
        login.service.ts
        login.component.spec.ts
        login.component.html
        login.component.ts
        login-module.ts
        form-login.component.ts
      - app-routing.module.ts
      - app.module.ts
      - app.component.ts
      - register
        services
        register.service.spec.ts
        register.service.ts
        register.component.spec.ts
        register.component.html
        register.component.css
        register.component.ts
      - core
        authentication
        auth-guard.service.spec.ts
        auth.service.spec.ts
        auth.service.ts
        auth-guard.service.ts
      - shared
        backendModels
        interfaces.ts
        core.module.ts
    - environments
      - environment.ts
      - environment.prod.ts
    - assets
      - images
      - .gitkeep
  - tslint.json
  - e2e
    - src
      - app.e2e-spec.ts
      - app.po.ts
    - tsconfig.e2e.json
  - .editorconfig
  - README.md
  - package.json
  - angular.json
  - tsconfig.json
  - .gitignore
- LICENSE
- CODE_OF_CONDUCT.asciidoc
- documentation
  - devon4j-adding-custom-functionality.asciidoc
  - devon4ng-adding-custom-functionality.asciidoc
  - devon4j-layers.asciidoc
  - an-devon4j-application.asciidoc
  - build-devon4ng-application.asciidoc
  - jump-the-queue-design.asciidoc
  - devonfw-intro.asciidoc
  - devon4ng-components.asciidoc
  - build-devon4j-application.asciidoc
  - images
    - oasp4fn
      - 1.Introduction
      - 3.BuildYourOwn
    - tutorialsources
    - devon4j
      - 7.Validations
      - 1.Overview
      - 8.Testing
      - 2.Example_app
      - 5.Layers
      - 4.Components
      - 6.Customizations
      - 10.IdeSetup
        gitforwindows-install.jpg
        adoptopenjdk-install.jpg
      - 9.Deployment
      - 3.BuildYourOwn
    - devon
    - devon4ng
      - 2.Example_app
        authentication.jpg
        app_structure.jpg
        project_main_files.jpg
        price_calculator.jpg
        menu_cards.jpg
        authorization_header.jpg
        waiter_cockpit.jpg
        book_table.jpg
      - 7.IdeSetup
        gitforwindows-install.jpg
        adoptopenjdk-install.jpg
      - 1.Intro
        flex_box.jpeg
      - 5.Angular_Services
      - 3.BuildYourOwn
        root_router.jpg
        root_header.jpg
      - 6.Deployment
        dist_folder.jpg
    - jumpthequeue
  - devon4j-testing.asciidoc
  - _Footer.md
  - OASP4FnDeployment.asciidoc
  - devon4ng-deployment.asciidoc
  - devon4j-deployment.asciidoc
  - OASP4FnIntroduction.asciidoc
  - Home.asciidoc
  - devon4j-components.asciidoc
  - devon4j-ide-setup.asciidoc
  - devon4ng-ide-setup.asciidoc
  - devon4ng-introduction.asciidoc
  - _Sidebar.asciidoc
  - an-devon4ng-application.asciidoc
  - devonfw-ide-setup.asciidoc
  - devon4ng-services.asciidoc
  - devon4j-validations.asciidoc
  - devon4j-creating-a-project.asciidoc
  - BuildOASP4FnApplication.asciidoc
  - OASP4FnTesting.asciidoc
  - devon4j-overview.asciidoc
- java
  - jtqj
    - devon.json
    - src
      - main
        resources
        db
        migration
        h2
        V0002__Add_batch_tables.sql
        java
        com
        devonfw
        application
        jtqj
        SpringBootBatchApp.java
        general
        batch
        impl
        config
        BeansBatchConfig.java
      - test
        java
        com
        devonfw
        application
        jtqj
        general
        common
        base
        test
        TestUtil.java
        batch
        base
        test
        SpringBatchIntegrationTest.java
    - pom.xml
    - api
      - src
        main
        java
        com
        devonfw
        application
        jtqj
        queuemanagement
        logic
        api
        Queuemanagement.java
        usecase
        UcManageQueue.java
        UcFindQueue.java
        to
        QueueSearchCriteriaTo.java
        QueueEto.java
        common
        api
        Queue.java
        service
        api
        rest
        QueuemanagementRestService.java
        visitormanagement
        logic
        api
        Visitormanagement.java
        usecase
        UcFindVisitor.java
        UcManageVisitor.java
        to
        VisitorSearchCriteriaTo.java
        VisitorEto.java
        common
        api
        Visitor.java
        service
        api
        rest
        VisitormanagementRestService.java
        accesscodemanagement
        logic
        api
        usecase
        UcFindAccessCode.java
        UcManageAccessCode.java
        to
        AccessCodeEto.java
        AccessCodeSearchCriteriaTo.java
        AccessCodeCto.java
        Accesscodemanagement.java
        common
        api
        AccessCode.java
        service
        api
        rest
        AccesscodemanagementRestService.java
        general
        logic
        api
        to
        BinaryObjectEto.java
        common
        api
        BinaryObject.java
        exception
        ApplicationBusinessException.java
        NoActiveUserException.java
        ApplicationException.java
        ApplicationTechnicalException.java
        ApplicationEntity.java
        validation
        Phone.java
        EmailExtended.java
        UserProfile.java
        NlsBundleApplicationRoot.java
        to
        AbstractSearchCriteriaTo.java
        UserProfileTo.java
        service
        api
        rest
        SecurityRestService.java
      - pom.xml
      - bin
        pom.xml
    - server
      - src
        main
        resources
        logback.xml
      - pom.xml
      - bin
        src
        main
        resources
        logback.xml
        pom.xml
    - core
      - src
        main
        resources
        db
        migration
        1.0
        V0008__Master_Data.sql
        V0004__Add_blob_data.sql
        type
        h2
        V0003__Create_BinaryObject.sql
        V0002__Create_RevInfo.sql
        V0007__Create_Access_Code.sql
        V0006__Create_Queue.sql
        V0001__Create_Sequence.sql
        V0005__Create_Visitor.sql
        mssql
        V0003__Create_BinaryObject.sql
        V0002__Create_RevInfo.sql
        V0001__Create_Sequence.sql
        oracle
        V0003__Create_BinaryObject.sql
        V0002__Create_RevInfo.sql
        V0001__Create_Sequence.sql
        mysql
        V0003__Create_BinaryObject.sql
        V0002__Create_RevInfo.sql
        V0001__Create_Sequence.sql
        hana
        V0003__Create_BinaryObject.sql
        V0002__Create_RevInfo.sql
        V0001__Create_Sequence.sql
        postgresql
        V0003__Create_BinaryObject.sql
        V0002__Create_RevInfo.sql
        V0001__Create_Sequence.sql
        config
        app
        security
        access-control-schema.xml
        common
        dozer-mapping.xml
        dataaccess
        NamedQueries.xml
        application.properties
        META-INF
        orm.xml
        cxf
        org.apache.cxf.Logger
        application.properties
        static
        index.html
        java
        com
        devonfw
        application
        jtqj
        queuemanagement
        logic
        impl
        usecase
        UcManageQueueImpl.java
        UcFindQueueImpl.java
        QueuemanagementImpl.java
        base
        usecase
        AbstractQueueUc.java
        dataaccess
        api
        QueueEntity.java
        repo
        QueueRepository.java
        service
        impl
        rest
        QueuemanagementRestServiceImpl.java
        visitormanagement
        logic
        impl
        VisitormanagementImpl.java
        usecase
        UcManageVisitorImpl.java
        UcFindVisitorImpl.java
        base
        usecase
        AbstractVisitorUc.java
        dataaccess
        api
        VisitorEntity.java
        repo
        VisitorRepository.java
        service
        impl
        rest
        VisitormanagementRestServiceImpl.java
        SpringBootApp.java
        accesscodemanagement
        logic
        impl
        usecase
        UcManageAccessCodeImpl.java
        UcFindAccessCodeImpl.java
        AccesscodemanagementImpl.java
        base
        usecase
        AbstractAccessCodeUc.java
        dataaccess
        api
        AccessCodeEntity.java
        repo
        AccessCodeRepository.java
        service
        impl
        rest
        AccesscodemanagementRestServiceImpl.java
        general
        logic
        impl
        UcManageBinaryObjectImpl.java
        config
        DefaultRolesPrefixPostProcessor.java
        base
        AbstractComponentFacade.java
        AbstractLogic.java
        AbstractUc.java
        api
        UcManageBinaryObject.java
        common
        impl
        security
        BaseUserDetailsService.java
        CsrfRequestMatcher.java
        config
        CsrfTokenImpl.java
        ApplicationObjectMapperFactory.java
        BeansDozerConfig.java
        base
        AbstractBeanMapperSupport.java
        api
        security
        ApplicationAccessControlConfig.java
        ApplicationEntity.java
        dataaccess
        api
        dao
        BinaryObjectRepository.java
        ApplicationPersistenceEntity.java
        BinaryObjectEntity.java
        service
        impl
        LoginController.java
        config
        WebConfig.java
        ServletInitializer.java
        WebSecurityBeansConfig.java
        BaseWebSecurityConfig.java
        WebSecurityConfig.java
        rest
        ApplicationAccessDeniedHandler.java
        SecurityRestServiceImpl.java
        test
        resources
        config
        application.properties
        java
        com
        devonfw
        application
        jtqj
        visitormanagement
        logic
        impl
        VisitormanagementTest.java
        general
        common
        impl
        config
        TestWebSecurityConfig.java
        base
        PermissionCheckTest.java
        Devon4jPackageCheckTest.java
        test
        DbTestHelper.java
        ApplicationSubsystemTest.java
        TestUtil.java
        ApplicationComponentTest.java
        AccessControlSchemaXmlValidationTest.java
        service
        impl
        rest
        SecurityRestServiceImplTest.java
        base
        test
        RestServiceTest.java
      - pom.xml
      - .jtqj.trace.db
      - bin
        src
        main
        resources
        db
        migration
        1.0
        V0008__Master_Data.sql
        V0004__Add_blob_data.sql
        type
        h2
        V0003__Create_BinaryObject.sql
        V0002__Create_RevInfo.sql
        V0007__Create_Access_Code.sql
        V0006__Create_Queue.sql
        V0001__Create_Sequence.sql
        V0005__Create_Visitor.sql
        mssql
        V0003__Create_BinaryObject.sql
        V0002__Create_RevInfo.sql
        V0001__Create_Sequence.sql
        oracle
        V0003__Create_BinaryObject.sql
        V0002__Create_RevInfo.sql
        V0001__Create_Sequence.sql
        mysql
        V0003__Create_BinaryObject.sql
        V0002__Create_RevInfo.sql
        V0001__Create_Sequence.sql
        hana
        V0003__Create_BinaryObject.sql
        V0002__Create_RevInfo.sql
        V0001__Create_Sequence.sql
        postgresql
        V0003__Create_BinaryObject.sql
        V0002__Create_RevInfo.sql
        V0001__Create_Sequence.sql
        config
        app
        security
        access-control-schema.xml
        common
        dozer-mapping.xml
        dataaccess
        NamedQueries.xml
        application.properties
        META-INF
        orm.xml
        cxf
        org.apache.cxf.Logger
        application.properties
        static
        index.html
        test
        resources
        config
        application.properties
        pom.xml
      - .jtqj.mv.db
  - .gitignore
- .travis.yml
- README.md
- ISSUE_TEMPLATE.asciidoc
- PR_TEMPLATE.asciidoc
- TERMS_OF_USE.asciidoc

package com.devonfw.application.jtqj.general.service.impl.config;

import javax.inject.Inject;
import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

import com.devonfw.application.jtqj.general.common.impl.security.CsrfRequestMatcher;
import com.devonfw.module.security.common.impl.rest.AuthenticationSuccessHandlerSendingOkHttpStatusCode;
import com.devonfw.module.security.common.impl.rest.JsonUsernamePasswordAuthenticationFilter;
import com.devonfw.module.security.common.impl.rest.LogoutSuccessHandlerReturningOkHttpStatusCode;

/**
 * This type serves as a base class for extensions of the {@code WebSecurityConfigurerAdapter} and provides a default
 * configuration. <br/>
 * Security configuration is based on {@link WebSecurityConfigurerAdapter}. This configuration is by purpose designed
 * most simple for two channels of authentication: simple login form and rest-url.
 */
public abstract class BaseWebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Value("${security.cors.enabled}")
  boolean corsEnabled = false;

  @Inject
  private UserDetailsService userDetailsService;

  @Inject
  private PasswordEncoder passwordEncoder;

  private CorsFilter getCorsFilter() {

    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("OPTIONS");
    config.addAllowedMethod("HEAD");
    config.addAllowedMethod("GET");
    config.addAllowedMethod("PUT");
    config.addAllowedMethod("POST");
    config.addAllowedMethod("DELETE");
    config.addAllowedMethod("PATCH");
    source.registerCorsConfiguration("/**", config);
    return new CorsFilter(source);
  }

  /**
   * Configure spring security to enable a simple webform-login + a simple rest login.
   */
  @Override
  public void configure(HttpSecurity http) throws Exception {

    String[] unsecuredResources = new String[] { "/login", "/security/**", "/services/rest/login",
    "/services/rest/logout" };

    /**http
        //
        .userDetailsService(this.userDetailsService)
        // define all urls that are not to be secured
        .authorizeRequests().antMatchers(unsecuredResources).permitAll().anyRequest().authenticated().and()

        // activate crsf check for a selection of urls (but not for login & logout)
        .csrf().requireCsrfProtectionMatcher(new CsrfRequestMatcher()).and()

        // configure parameters for simple form login (and logout)
        .formLogin().successHandler(new SimpleUrlAuthenticationSuccessHandler()).defaultSuccessUrl("/")
        .failureUrl("/login.html?error").loginProcessingUrl("/j_spring_security_login").usernameParameter("username")
        .passwordParameter("password").and()
        // logout via POST is possible
        .logout().logoutSuccessUrl("/login.html").and()

        // register login and logout filter that handles rest logins
        .addFilterAfter(getSimpleRestAuthenticationFilter(), BasicAuthenticationFilter.class)
        .addFilterAfter(getSimpleRestLogoutFilter(), LogoutFilter.class);*/

    http.authorizeRequests().anyRequest().permitAll().and().csrf().disable();

    if (this.corsEnabled) {
      http.addFilterBefore(getCorsFilter(), CsrfFilter.class);
    }
  }

  /**
   * Create a simple filter that allows logout on a REST Url /services/rest/logout and returns a simple HTTP status 200
   * ok.
   *
   * @return the filter.
   */
  protected Filter getSimpleRestLogoutFilter() {

    LogoutFilter logoutFilter = new LogoutFilter(new LogoutSuccessHandlerReturningOkHttpStatusCode(),
        new SecurityContextLogoutHandler());

    // configure logout for rest logouts
    logoutFilter.setLogoutRequestMatcher(new AntPathRequestMatcher("/services/rest/logout"));

    return logoutFilter;
  }

  /**
   * Create a simple authentication filter for REST logins that reads user-credentials from a json-parameter and returns
   * status 200 instead of redirect after login.
   *
   * @return the {@link JsonUsernamePasswordAuthenticationFilter}.
   * @throws Exception if something goes wrong.
   */
  protected JsonUsernamePasswordAuthenticationFilter getSimpleRestAuthenticationFilter() throws Exception {

    JsonUsernamePasswordAuthenticationFilter jsonFilter = new JsonUsernamePasswordAuthenticationFilter(
        new AntPathRequestMatcher("/services/rest/login"));
    jsonFilter.setPasswordParameter("j_password");
    jsonFilter.setUsernameParameter("j_username");
    jsonFilter.setAuthenticationManager(authenticationManager());
    // set failurehandler that uses no redirect in case of login failure; just HTTP-status: 401
    jsonFilter.setAuthenticationManager(authenticationManagerBean());
    jsonFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
    // set successhandler that uses no redirect in case of login success; just HTTP-status: 200
    jsonFilter.setAuthenticationSuccessHandler(new AuthenticationSuccessHandlerSendingOkHttpStatusCode());
    return jsonFilter;
  }

  @SuppressWarnings("javadoc")
  @Inject
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

    auth.inMemoryAuthentication().withUser("waiter").password(this.passwordEncoder.encode("waiter")).roles("Waiter")
        .and().withUser("cook").password(this.passwordEncoder.encode("cook")).roles("Cook").and().withUser("barkeeper")
        .password(this.passwordEncoder.encode("barkeeper")).roles("Barkeeper").and().withUser("chief")
        .password(this.passwordEncoder.encode("chief")).roles("Chief");
  }

}