• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• springsecuritytotp-master
  • client
    • src
      • styles.css
      • favicon.ico
      • polyfills.ts
      • main.ts
      • index.html
      • app
        • app.component.css
        • app.component.html
        • home
          • home.component.ts
          • home.component.css
          • home.component.html
        • signup
          • signup.component.html
          • signup.component.css
          • signup.component.ts
        • app-routing.module.ts
        • auth.guard.ts
        • auth.service.ts
        • app.module.ts
        • totp
          • totp.component.html
          • totp.component.ts
          • totp.component.css
        • app.component.ts
        • totp-additional-security
          • totp-additional-security.component.html
          • totp-additional-security.component.ts
          • totp-additional-security.component.css
        • sign-in
          • sign-in.component.css
          • sign-in.component.html
          • sign-in.component.ts
        • signup-secret
          • signup-secret.component.ts
          • signup-secret.component.html
          • signup-secret.component.css
        • signup-okay
          • signup-okay.component.css
          • signup-okay.component.html
          • signup-okay.component.ts
      • environments
        • environment.ts
        • environment.prod.ts
    • tslint.json
    • proxy.conf.json
    • .editorconfig
    • browserslist
    • tsconfig.app.json
    • package.json
    • angular.json
    • tsconfig.json
    • .gitignore
  • LICENSE
  • README.md
  • server
    • src
      • main
        • resources
          • db
            • migration
              • V0001__initial.sql
          • application.properties
        • java
          • ch
            • rasc
              • twofa
                • security
                  • AuthenticationFlow.java
                  • SignupResponse.java
                  • AppUserDetail.java
                  • SecurityConfig.java
                  • CustomTotp.java
                  • AppUserAuthentication.java
                  • SignupController.java
                  • AuthController.java
                • db
                  • Keys.java
                  • DefaultSchema.java
                  • tables
                    • AppUser.java
                    • records
                      • AppUserRecord.java
                  • DefaultCatalog.java
                • migration
                  • V0002__initial_import.java
                • ResourceConfig.java
                • Application.java
    • pom.xml
    • mvnw
    • .mvn
      • wrapper
        • maven-wrapper.jar
        • MavenWrapperDownloader.java
        • maven-wrapper.properties
    • .gitignore
    • mvnw.cmd
  • .gitignore

package ch.rasc.twofa.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;

import com.codahale.passpol.BreachDatabase;
import com.codahale.passpol.PasswordPolicy;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Bean
  @Override
  protected AuthenticationManager authenticationManager() throws Exception {
    return authentication -> {
      throw new AuthenticationServiceException("Cannot authenticate " + authentication);
    };
  }

  @Bean
  public PasswordEncoder passwordEncoder() {
    return new Argon2PasswordEncoder(16, 32, 8, 1 << 16, 4);
  }

  @Bean
  public PasswordPolicy passwordPolicy() {
    return new PasswordPolicy(BreachDatabase.top100K(), 8, 256);
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf(customizer -> customizer.disable()).authorizeRequests(customizer -> {
      customizer
          .antMatchers("/authenticate", "/signin", "/verify-totp",
              "/verify-totp-additional-security", "/signup", "/signup-confirm-secret")
          .permitAll().anyRequest().authenticated();
    }).logout(customizer -> customizer
        .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()));
  }

	@Override
	public void configure(WebSecurity web) {
		web.ignoring().antMatchers("/", "/assets/**/*", "/svg/**/*", "/*.br", "/*.gz", 
		                           "/*.html", "/*.js", "/*.css", "/*.woff2", "/*.ttf", "/*.eot",
															 "/*.svg", "/*.woff", "/*.ico");
	}

}