• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• java-api-best-practices-master
  • src
    • main
      • resources
        • logback.xml
        • application.properties
      • java
        • net
          • dainco
            • module
              • user
                • dao
                  • impl
                    • UserDaoImpl.java
                  • UserDao.java
                • util
                  • UserConstants.java
                • service
                  • impl
                    • UserServiceImpl.java
                  • UserService.java
                • exception
                  • UserRegistrationException.java
                  • UserNotFoundException.java
                • domain
                  • dto
                    • UserPrivateDto.java
                    • UserPublicDto.java
                    • UserRegistrationDto.java
                    • UserRegistrationResponseDto.java
                  • entity
                    • UserEntity.java
                  • UserPublic.java
                  • UserPrivate.java
                • rest
                  • UserController.java
              • common
                • dao
                  • AbstractDao.java
                • util
                  • CommonConstants.java
                  • MorePreconditions.java
                • exception
                  • BadRequestException.java
                • domain
                  • PaginatedValuesDto.java
                  • ValuesListDto.java
                  • SingleValueDto.java
            • container
              • configuration
                • SwaggerConfiguration.java
                • SecurityConfiguration.java
                • ApplicationContextConfiguration.java
                • PersistenceConfiguration.java
              • WebApplication.java
              • filter
                • CorsFilter.java
  • pom.xml
  • LICENSE
  • build-docker.sh
  • README.md
  • Dockerfile
  • .gitignore

package net.dainco.container.configuration;

import net.dainco.container.filter.CorsFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

/**
 * Security configuration.
 * {@link EnableWebSecurity} enables Spring security.
 * {@link EnableGlobalMethodSecurity} enables the annotation @PermitAll, @Secured etc on the
 * controllers.
 * TODO: Add your configuration options, for example OAuth tokens etc.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
  private static final Logger LOGGER = LoggerFactory.getLogger(SecurityConfiguration.class);

  @Bean
  public FilterRegistrationBean corsFilter() {
    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
    filterRegistrationBean.setFilter(new CorsFilter());
    // Highest priority to authorise OPTION requests.
    filterRegistrationBean.setOrder(0);
    return filterRegistrationBean;
  }

  @Override
  public void configure(WebSecurity web) throws Exception {
    // Ignore security for the Swagger documentation.
    web.ignoring()
        .antMatchers("/configuration/ui")
        .antMatchers("/images/**")
        .antMatchers("/swagger-resources")
        .antMatchers("/swagger-ui.html")
        .antMatchers("/v2/api-docs")
        .antMatchers("/webjars/**");
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
          .csrf()
          .disable();
  }
}