java source code of WallRideSecurityConfiguration

wallride-master
- src
  - site
    - checkstyle.xml
    - site.xml
- wallride-ui-guest
  - src
    - resources
      - img
      - css
        sticky-footer-navbar.css
        common.css
    - templates
      - page
        describe.html
      - error.html
      - user
        password-reset3-reset.html
        password-reset2-token.html
        password-update.html
        signup.html
        password-reset1-entry.html
        profile-update.html
        login.html
      - tag
        post.html
        index.html
      - category
        post.html
        index.html
      - layout.html
      - article
        author.html
        describe.html
        category.html
        index.html
      - google-analytics.html
      - index.html
      - search.html
    - app.js
  - webpack.config.js
  - package.json
- wallride-dependencies
  - pom.xml
- pom.xml
- mvnw
- LICENSE
- wallride-tools
  - src
    - main
      - resources
        logback.xml
      - java
        org
        wallride
        tools
        Hbm2ddl.java
  - pom.xml
- wallride-core
  - src
    - main
      - resources
        schema-drop-mysql.sql
        jgroups-tcp.xml
        userdict.txt
        schema-mysql.sql
        mail
        password-reset.html
        password-changed.html
        user-invite.html
        jgroups-ec2.xml
        synonyms.txt
        schema-drop-postgresql.sql
        messages
        validations_es.properties
        validations_ru.properties
        languages_es.properties
        languages_it.properties
        messages_ru.properties
        validations.properties
        validations_vi.properties
        enumerations_ko.properties
        validations_en.properties
        languages_ru.properties
        languages_en.properties
        validations_ja.properties
        enumerations_ru.properties
        enumerations_zh.properties
        validations_zh.properties
        messages_ja.properties
        messages_it.properties
        messages_sr.properties
        enumerations_vi.properties
        enumerations_fr.properties
        languages.properties
        messages_en.properties
        languages_vi.properties
        validations_fr.properties
        validations_sr.properties
        messages_vi.properties
        enumerations_de.properties
        enumerations_es.properties
        messages.properties
        enumerations.properties
        languages_ko.properties
        languages_de.properties
        languages_sr.properties
        messages_zh.properties
        validations_ko.properties
        messages_de.properties
        enumerations_en.properties
        enumerations_it.properties
        enumerations_sr.properties
        messages_fr.properties
        validations_de.properties
        languages_zh.properties
        languages_ja.properties
        languages_fr.properties
        enumerations_ja.properties
        messages_es.properties
        messages_ko.properties
        validations_it.properties
        favicon.ico
        META-INF
        spring.factories
        schema-postgresql.sql
        application.properties
      - java
        org
        wallride
        web
        support
        HttpForbiddenException.java
        DomainObjectSelect2Model.java
        BlogLanguageLocaleResolver.java
        Tags.java
        ExtendedUrlRewriteFilter.java
        DefaultModelAttributeInterceptor.java
        BlogLanguageRewriteRule.java
        BlogLanguageMethodArgumentResolver.java
        MediaHttpRequestHandler.java
        BlogLanguageDataValueProcessor.java
        LanguageUrlPathHelper.java
        AuthorizedUserMethodArgumentResolver.java
        Categories.java
        Posts.java
        RestValidationErrorModel.java
        Articles.java
        HttpNotFoundException.java
        Pages.java
        PathVariableLocaleResolver.java
        DomainObjectSavedModel.java
        DomainObjectDeletedModel.java
        AtomFeedView.java
        MaxSizeValidator.java
        MaxSize.java
        Pagination.java
        DomainObjectUpdatedModel.java
        Devices.java
        ControllerUtils.java
        Users.java
        RssFeedView.java
        SetupRedirectInterceptor.java
        BlogLanguageRewriteMatch.java
        ExtendedThymeleafViewResolver.java
        Medias.java
        BlogLanguageRedirectStrategy.java
        controller
        admin
        page
        PageDeleteController.java
        PageBulkDeleteForm.java
        PageRestController.java
        PageEditForm.java
        PagePreviewController.java
        PageCreateForm.java
        PageDescribeController.java
        PageCreateController.java
        PageSearchController.java
        PageEditController.java
        PageTreeController.java
        PageDeleteForm.java
        PagePreviewForm.java
        PageIndexModel.java
        PageBulkDeleteController.java
        PageSearchForm.java
        signup
        SignupForm.java
        SignupController.java
        LoginController.java
        user
        UserInvitationResendController.java
        UserEditForm.java
        UserSearchForm.java
        UserInvitationDeleteController.java
        UserBulkDeleteController.java
        UserInvitationIndexController.java
        UserSearchController.java
        UserDeleteForm.java
        UserDeleteController.java
        UserSelect2Controller.java
        UserInvitationResendForm.java
        UserInvitationCreateForm.java
        UserInvitationCreateController.java
        UserInvitationDeleteForm.java
        UserEditController.java
        UserBulkDeleteForm.java
        UserDescribeController.java
        setup
        SetupForm.java
        SetupController.java
        analytics
        GoogleAnalyticsUpdateController.java
        GoogleAnalyticsUpdateForm.java
        GoogleAnalyticsDeleteController.java
        GoogleAnalyticsSyncController.java
        GoogleAnalyticsIndexController.java
        post
        PostSelectController.java
        PostDescribeController.java
        tag
        TagBulkDeleteController.java
        TagEditForm.java
        TagBulkDeleteForm.java
        TagMergeForm.java
        TagRestController.java
        TagSearchController.java
        TagSearchForm.java
        TagSelect2Controller.java
        TagCreateForm.java
        category
        CategoryIndexModel.java
        CategoryEditForm.java
        CategoryIndexController.java
        CategoryCreateForm.java
        CategoryRestController.java
        CategorySearchForm.java
        CategorySelectController.java
        media
        MediaIndexController.java
        MediaIndexModel.java
        MediaCreateController.java
        MediaCreatedModel.java
        DashboardController.java
        customfield
        CustomFieldSearchForm.java
        CustomFieldEditForm.java
        CustomFieldBulkDeleteController.java
        CustomFieldIndexModel.java
        CustomFieldSearchController.java
        CustomFieldCreateController.java
        CustomFieldCreateForm.java
        CustomFieldRestController.java
        CustomFieldEditController.java
        CustomFieldBulkDeleteForm.java
        article
        ArticleBulkPublishController.java
        ArticleCreateController.java
        CustomFieldValueEditForm.java
        ArticleSearchForm.java
        ArticleCreateForm.java
        ArticleBulkPublishForm.java
        ArticleSearchController.java
        ArticleBulkDeleteController.java
        ArticleDescribeController.java
        ArticlePreviewController.java
        ArticleEditForm.java
        ArticleDeleteController.java
        ArticleEditController.java
        ArticlePreviewForm.java
        ArticleBulkUnpublishController.java
        ArticleBulkDeleteForm.java
        ArticleDeleteForm.java
        ArticleBulkUnpublishForm.java
        system
        SystemIndexController.java
        comment
        CommentSearchController.java
        CommentBulkUnapproveForm.java
        CommentSearchForm.java
        CommentBulkApproveController.java
        CommentBulkDeleteForm.java
        CommentBulkApproveForm.java
        CommentBulkUnapproveController.java
        CommentBulkDeleteController.java
        guest
        page
        PageDescribeController.java
        user
        PasswordResetController.java
        LoginController.java
        SignupForm.java
        PasswordResetForm.java
        ProfileUpdateForm.java
        SignupController.java
        ProfileUpdateController.java
        PasswordUpdateForm.java
        PasswordUpdateController.java
        TagController.java
        SearchController.java
        CategoryController.java
        IndexController.java
        article
        ArticleIndexController.java
        ArticleSearchForm.java
        ArticleDescribeController.java
        FeedController.java
        comment
        CommentSavedModel.java
        CommentForm.java
        CommentRestController.java
        support
        CodeFormat.java
        CustomFieldValuesBridge.java
        LocalDateTimeSerializer.java
        ProxySecureChannelProcessor.java
        CategoryUtils.java
        CodeFormatAnnotationFormatterFactory.java
        ProxyInsecureChannelProcessor.java
        GoogleAnalyticsUtils.java
        CodeFormatter.java
        ArticleUtils.java
        StringFormatter.java
        PostUtils.java
        TagUtils.java
        AuthorizedUser.java
        PageUtils.java
        ExtendedResourceUtils.java
        job
        UpdatePostViewsItemReader.java
        UpdatePostViewsJobConfigurer.java
        UpdatePostViewsItemWriter.java
        service
        MediaService.java
        UserService.java
        ArticleService.java
        CategoryService.java
        BlogService.java
        CustomFieldService.java
        SetupService.java
        AuthorizedUserDetailsService.java
        PostService.java
        SignupService.java
        CommentService.java
        PageService.java
        TagService.java
        SystemService.java
        exception
        DuplicateEmailException.java
        DuplicateLoginIdException.java
        DuplicateNameException.java
        EmptyCodeException.java
        ServiceException.java
        GoogleAnalyticsException.java
        EmailNotFoundException.java
        NotNullException.java
        DuplicateCodeException.java
        domain
        NavigationItemCategory.java
        BlogLanguage.java
        Blog.java
        NavigationItemPage.java
        NavigationItem.java
        GoogleAnalytics.java
        PasswordResetToken.java
        CustomFieldValue.java
        Seo.java
        Article.java
        Category.java
        Post.java
        CustomFieldOption.java
        Media.java
        Tag.java
        PopularPost.java
        CustomField.java
        PersonalName.java
        Comment.java
        User.java
        UserInvitation.java
        DomainObject.java
        Page.java
        model
        CommentUpdateRequest.java
        TagBulkDeleteRequest.java
        TreeNode.java
        UserInvitationCreateRequest.java
        CommentBulkDeleteRequest.java
        TagUpdateRequest.java
        CommentDeleteRequest.java
        PasswordUpdateRequest.java
        PostSearchRequest.java
        CategoryCreateRequest.java
        TagDeleteRequest.java
        PageBulkDeleteRequest.java
        ProfileUpdateRequest.java
        ArticleSearchRequest.java
        CustomFieldBulkDeleteRequest.java
        ArticleBulkUnpublishRequest.java
        UserInvitationResendRequest.java
        UserBulkDeleteRequest.java
        SignupRequest.java
        PageUpdateRequest.java
        UserUpdateRequest.java
        TagCreateRequest.java
        ArticleCreateRequest.java
        PasswordResetTokenCreateRequest.java
        CustomFieldCreateRequest.java
        GoogleAnalyticsUpdateRequest.java
        PageSearchRequest.java
        CommentSearchRequest.java
        ArticleUpdateRequest.java
        UserSearchRequest.java
        TagMergeRequest.java
        UserInvitationDeleteRequest.java
        CustomFieldDeleteRequest.java
        CustomFieldUpdateRequest.java
        ArticleBulkPublishRequest.java
        CommentBulkUnapproveRequest.java
        PageDeleteRequest.java
        CustomFieldSearchRequest.java
        ArticleBulkDeleteRequest.java
        CategorySearchRequest.java
        CommentBulkApproveRequest.java
        PageCreateRequest.java
        CommentCreateRequest.java
        UserDeleteRequest.java
        SetupRequest.java
        ArticleDeleteRequest.java
        CategoryUpdateRequest.java
        TagSearchRequest.java
        repository
        PopularPostRepository.java
        PageRepositoryImpl.java
        CategoryRepository.java
        PasswordResetTokenRepository.java
        PageRepositoryCustom.java
        TagRepositoryCustom.java
        PageSpecifications.java
        UserRepositoryCustom.java
        CustomFieldRepositoryCustom.java
        CustomFieldRepository.java
        ArticleRepositoryCustom.java
        BlogRepository.java
        PageRepository.java
        CommentRepository.java
        UserRepositoryImpl.java
        TagRepositoryImpl.java
        PostRepository.java
        CategoryRepositoryImpl.java
        ArticleSpecifications.java
        CustomFieldRepositoryImpl.java
        PostRepositoryCustom.java
        PostRepositoryImpl.java
        MediaRepository.java
        ArticleRepositoryImpl.java
        CategorySpecifications.java
        UserInvitationRepository.java
        TagRepository.java
        UserRepository.java
        CategoryRepositoryCustom.java
        ArticleRepository.java
        CommentRepositoryImpl.java
        CommentRepositoryCustom.java
        autoconfigure
        WallRideAutoConfiguration.java
        WallRideJobConfiguration.java
        WallRideInitializer.java
        WallRideResourceTemplateResource.java
        WallRideResourceTemplateResolver.java
        WallRideThymeleafDialect.java
        CacheKeyGenerator.java
        ExtendedMySQL5InnoDBDialect.java
        WallRideServletConfiguration.java
        WallRideDispatcherServlet.java
        InfinispanDataSourceConnectionFactoryConfigurationBuilder.java
        WallRideJpaConfiguration.java
        WallRideMailConfiguration.java
        InfinispanDataSourceConnectionFactory.java
        WebGuestComponentScanRegistrar.java
        WallRideSecurityConfiguration.java
        WallRideExpressionObjectFactory.java
        InfinispanSingletonCacheManagerDirectoryProvider.java
        WebAdminConfiguration.java
        WebAdminComponentScan.java
        WebAdminComponentScanRegistrar.java
        WallRideWebMvcConfiguration.java
        WallRideMessageSourceConfiguration.java
        WallRideScheduleConfiguration.java
        WebGuestConfiguration.java
        WallRideCacheConfiguration.java
        WallRideThymeleafConfiguration.java
        WebGuestComponentScan.java
        InfinispanDataSourceConnectionFactoryConfiguration.java
        PhysicalNamingStrategySnakeCaseImpl.java
        WallRideProperties.java
    - test
      - resources
        application.properties
      - java
        org
        wallride
        test
        TestConfiguration.java
        domain
        BlogTests.java
  - pom.xml
- wallride-ui-admin
  - src
    - resources
      - img
        sample.jpg
        thumbnail.jpg
      - js
        common.js
        jquery.mjs.nestedSortable.js
        jquery.shiftcheckbox.js
      - font
        flaticon.woff
        flaticon.svg
        flaticon.eot
        flaticon.ttf
      - css
        wallride.custom.css
        flaticon.css
        wallride.css
    - templates
      - page
        describe.html
        edit.html
        tree.html
        create.html
        index.html
      - signup
        signup.html
      - user
        describe.html
        edit.html
        index.html
        invitation
        index.html
      - analytics
        edit.html
        index.html
      - tag
        index.html
      - category
        index.html
      - setup.html
      - customfield
        edit.html
        create.html
        index.html
      - froala.html
      - layout.html
      - article
        describe.html
        edit.html
        create.html
        index.html
      - dashboard.html
      - system
        index.html
      - comment
        index.html
      - login.html
    - app.js
  - webpack.config.js
  - package.json
- .mvn
  - wrapper
    - maven-wrapper.jar
    - maven-wrapper.properties
- .travis.yml
- README.md
- wallride-bootstrap
  - src
    - main
      - resources
        logback.xml
      - java
        org
        wallride
        bootstrap
        Bootstrap.java
    - test
      - java
        org
        wallride
        bootstrap
        BootstrapTests.java
  - pom.xml
- .gitignore
- mvnw.cmd
- wallride-parent
  - pom.xml

/*
 * Copyright 2014 Tagbangers, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wallride.autoconfigure;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleHierarchyVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.StandardPasswordEncoder;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.wallride.service.AuthorizedUserDetailsService;
import org.wallride.web.support.BlogLanguageRedirectStrategy;

import javax.sql.DataSource;
import java.util.ArrayList;
import java.util.List;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WallRideSecurityConfiguration {

	@Autowired
	private DataSource dataSource;

	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		// @formatter:off
		auth
			.userDetailsService(authorizedUserDetailsService())
			.passwordEncoder(new StandardPasswordEncoder());
		// @formatter:on
	}

	@Configuration
	@Order(1)
	public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {

		@Autowired
		private AccessDecisionManager accessDecisionManager;
//		@Autowired
//		private SecurityExpressionHandler securityExpressionHandler;
		@Autowired
		private PersistentTokenRepository persistentTokenRepository;

		@Override
		public void configure(WebSecurity web) throws Exception {
			// @formatter:off
			web
				.ignoring()
					.antMatchers("/_admin/resources/**")
					.antMatchers("/_admin/webjars/**")
					.antMatchers("/_admin/setup**")
					.antMatchers("/_admin/signup**");
			// @formatter:on
		}

		@Override
		protected void configure(HttpSecurity http) throws Exception {
			// @formatter:off
			http.antMatcher("/_admin/**")
				.authorizeRequests()
					.accessDecisionManager(accessDecisionManager)
//		            .expressionHandler(securityExpressionHandler)
					.antMatchers("/_admin/**").hasRole("ADMIN")
					.and()
				.formLogin()
					.loginPage("/_admin/login").permitAll()
					.loginProcessingUrl("/_admin/login")
					.defaultSuccessUrl("/_admin/")
					.failureUrl("/_admin/login?failed")
					.and()
				.logout()
					.logoutRequestMatcher(new AntPathRequestMatcher("/_admin/logout", "GET"))
					.logoutSuccessUrl("/_admin/login")
					.and()
				.rememberMe()
					.tokenRepository(persistentTokenRepository)
					.and()
				.headers()
					.frameOptions().disable()
					.cacheControl().disable()
					.httpStrictTransportSecurity().disable()
					.and()
				.csrf()
					.disable()
				.exceptionHandling()
					.accessDeniedPage("/_admin/login");
			// @formatter:on
		}
	}

	@Configuration
	@Order(2)
	public static class GuestSecurityConfig extends WebSecurityConfigurerAdapter {

		@Autowired
		private AccessDecisionManager accessDecisionManager;
//		@Autowired
//		private SecurityExpressionHandler securityExpressionHandler;
		@Autowired
		private PersistentTokenRepository persistentTokenRepository;

		@Override
		public void configure(WebSecurity web) throws Exception {
			// @formatter:off
			web
				.ignoring()
					.antMatchers("/resources/**")
					.antMatchers("/webjars/**");
			// @formatter:on
		}

		@Override
		protected void configure(HttpSecurity http) throws Exception {
			RedirectStrategy redirectStrategy = new BlogLanguageRedirectStrategy();

			SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
			successHandler.setRedirectStrategy(redirectStrategy);
			successHandler.setDefaultTargetUrl("/");

			SimpleUrlAuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler("/login?failed");
			failureHandler.setRedirectStrategy(redirectStrategy);

			SimpleUrlLogoutSuccessHandler logoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
			logoutSuccessHandler.setRedirectStrategy(redirectStrategy);
			logoutSuccessHandler.setDefaultTargetUrl("/");

			// @formatter:off
			http.antMatcher("/**")
				.authorizeRequests()
					.accessDecisionManager(accessDecisionManager)
//		            .expressionHandler(securityExpressionHandler)
					.antMatchers("/settings/**").hasRole("VIEWER")
					.antMatchers("/comments/**").hasRole("VIEWER")
					.and()
				.formLogin()
					.loginPage("/login").permitAll()
					.loginProcessingUrl("/login")
					.successHandler(successHandler)
					.failureHandler(failureHandler)
					.and()
				.logout()
					.logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
					.logoutSuccessHandler(logoutSuccessHandler)
					.and()
				.rememberMe()
					.tokenRepository(persistentTokenRepository)
					.and()
				.headers()
					.frameOptions().disable()
					.cacheControl().disable()
					.httpStrictTransportSecurity().disable()
					.and()
				.csrf()
					.disable()
				.exceptionHandling()
					.accessDeniedPage("/login");
			// @formatter:on
		}
	}

	@Bean
	public UserDetailsService authorizedUserDetailsService() {
		return new AuthorizedUserDetailsService();
	}

	@Bean
	public AffirmativeBased accessDecisionManager() {
		List<AccessDecisionVoter<?>> accessDecisionVoters = new ArrayList<>();
		accessDecisionVoters.add(roleVoter());
		accessDecisionVoters.add(webExpressionVoter());

		AffirmativeBased accessDecisionManager = new AffirmativeBased(accessDecisionVoters);
		return accessDecisionManager;
	}

	@Bean
	public WebExpressionVoter webExpressionVoter() {
		WebExpressionVoter webExpressionVoter = new WebExpressionVoter();
		webExpressionVoter.setExpressionHandler(webSecurityExpressionHandler());
		return webExpressionVoter;
	}

	@Bean
	public DefaultWebSecurityExpressionHandler webSecurityExpressionHandler() {
		DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
		defaultWebSecurityExpressionHandler.setRoleHierarchy(roleHierarchy());
		return defaultWebSecurityExpressionHandler;
	}

	@Bean
	public RoleHierarchy roleHierarchy() {
		RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
		hierarchy.setHierarchy("ROLE_ADMIN > ROLE_VIEWER");
		return hierarchy;
	}

	@Bean
	public RoleVoter roleVoter() {
		return new RoleHierarchyVoter(roleHierarchy());
	}

	@Bean
	public PersistentTokenRepository persistentTokenRepository() {
		JdbcTokenRepositoryImpl repository = new JdbcTokenRepositoryImpl();
		repository.setDataSource(dataSource);
		return repository;
	}
}