• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• spring-glee-o-meter-master
  • src
    • main
      • resources
        • application.yml
        • application-dev.yml
      • java
        • net
          • reliqs
            • gleeometer
              • security
                • UserService.java
                • SimpleCorsFilter.java
                • AngularWebConfig.java
                • ResourceServerConfiguration.java
                • ServerSecurityConfig.java
                • ServerSecurityConfigDev.java
                • OAuthConfiguration.java
              • users
                • UserController.java
                • SignInController.java
                • User.java
                • UserRepository.java
              • GleeOMeterApplication.java
              • glee
                • GleeController.java
                • Glee.java
                • GleeRepository.java
                • GleeRepositoryCustomImpl.java
                • GleeRepositoryCustom.java
                • LoadDatabase.java
              • errors
                • CustomAccessDeniedHandler.java
                • ApiError.java
                • CustomAuthenticationEntryPoint.java
                • RestExceptionHandler.java
                • EntityNotFoundException.java
      • webapp
        • WEB-INF
          • appengine-web.xml
    • test
      • java
        • net
          • reliqs
            • gleeometer
              • GleeOMeterApplicationTests.java
  • pom.xml
  • mvnw
  • LICENSE
  • .mvn
    • wrapper
      • maven-wrapper.properties
  • README.md
  • .gitignore
  • mvnw.cmd

package net.reliqs.gleeometer.security;

import net.reliqs.gleeometer.errors.CustomAccessDeniedHandler;
import net.reliqs.gleeometer.errors.CustomAuthenticationEntryPoint;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;

    public ResourceServerConfiguration(CustomAuthenticationEntryPoint customAuthenticationEntryPoint) {
        this.customAuthenticationEntryPoint = customAuthenticationEntryPoint;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId("api");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .antMatcher("/api/**")
                .authorizeRequests()
                .antMatchers("/api/signin**").permitAll()
                .antMatchers("/api/signin/**").permitAll()
                .antMatchers("/api/glee**").hasAnyAuthority("ADMIN", "USER")
                .antMatchers("/api/users**").hasAuthority("ADMIN")
                .antMatchers("/api/**").authenticated()
                .anyRequest().authenticated()
                .and()
                .exceptionHandling().authenticationEntryPoint(customAuthenticationEntryPoint).accessDeniedHandler(new CustomAccessDeniedHandler());
    }

}