Java Code Examples for org.springframework.cloud.common.security.support.SecurityConfigUtils

The following examples show how to use org.springframework.cloud.common.security.support.SecurityConfigUtils. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
/**
 * The returned {@link List} of {@link GrantedAuthority}s contains all roles from
 * {@link CoreSecurityRoles}. The roles are prefixed with the value specified in
 * {@link GrantedAuthorityDefaults}.
 *
 * @param providerId Not used
 * @param scopes Not used
 * @param token Must not be null or empty.
 */
@Override
public Set<GrantedAuthority> mapScopesToAuthorities(String providerId, Set<String> scopes, String token) {
	if (cloudFoundrySecurityService.isSpaceDeveloper(token)) {
		final List<String> rolesAsStrings = new ArrayList<>();
		final Set<GrantedAuthority> grantedAuthorities = Stream.of(CoreSecurityRoles.values())
				.map(roleEnum -> {
					final String roleName = SecurityConfigUtils.ROLE_PREFIX + roleEnum.getKey();
					rolesAsStrings.add(roleName);
					return new SimpleGrantedAuthority(roleName);
				})
				.collect(Collectors.toSet());
		logger.info("Adding ALL roles {} to Cloud Foundry Space Developer user.",
				StringUtils.collectionToCommaDelimitedString(rolesAsStrings));
		return grantedAuthorities;
	}
	else {
		return Collections.emptySet();
	}
}
 
Example 2
/**
 * The returned {@link List} of {@link GrantedAuthority}s contains all roles from
 * {@link CoreSecurityRoles}. The roles are prefixed with the value specified in
 * {@link GrantedAuthorityDefaults}.
 *
 * @param map Must not be null. Is only used for logging
 */
@Override
public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
	Assert.notNull(map, "The map argument must not be null.");

	if (cloudFoundrySecurityService.isSpaceDeveloper()) {
		final List<String> rolesAsStrings = new ArrayList<>();
		final List<GrantedAuthority> grantedAuthorities = Stream.of(CoreSecurityRoles.values())
				.map(roleEnum -> {
					final String roleName = SecurityConfigUtils.ROLE_PREFIX + roleEnum.getKey();
					rolesAsStrings.add(roleName);
					return new SimpleGrantedAuthority(roleName);
				})
				.collect(Collectors.toList());
		logger.info("Adding ALL roles {} to Cloud Foundry Space Developer user {}",
				StringUtils.collectionToCommaDelimitedString(rolesAsStrings), map);
		return grantedAuthorities;
	}
	else {
		return new ArrayList<>(0);
	}
}
 
Example 3
@Override
protected void configure(HttpSecurity http) throws Exception {

	final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
	basicAuthenticationEntryPoint.setRealmName(SecurityConfigUtils.BASIC_AUTH_REALM_NAME);
	basicAuthenticationEntryPoint.afterPropertiesSet();

	if (opaqueTokenIntrospector != null) {
		BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(
				providerManager(), basicAuthenticationEntryPoint);
		http.addFilter(basicAuthenticationFilter);
	}

	this.authorizationProperties.getAuthenticatedPaths().add(dashboard("/**"));
	this.authorizationProperties.getAuthenticatedPaths().add(dashboard(""));

	ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security =
			http.authorizeRequests()
					.antMatchers(this.authorizationProperties.getPermitAllPaths().toArray(new String[0]))
					.permitAll()
	.antMatchers(this.authorizationProperties.getAuthenticatedPaths().toArray(new String[0]))
	.authenticated();

	security = SecurityConfigUtils.configureSimpleSecurity(security, this.authorizationProperties);
	security.anyRequest().denyAll();

	http.httpBasic().and()
			.logout()
			.logoutSuccessUrl(dashboard("/logout-success-oauth.html"))
			.and().csrf().disable()
			.exceptionHandling()
			.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/api/**"))
			.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/actuator/**"));

	if (opaqueTokenIntrospector != null) {
		http.oauth2ResourceServer()
			.opaqueToken()
				.introspector(opaqueTokenIntrospector());
	} else if (oAuth2ResourceServerProperties.getJwt().getJwkSetUri() != null) {
		http.oauth2ResourceServer()
			.jwt()
				.jwtAuthenticationConverter(grantedAuthoritiesExtractor());
	}

	this.securityStateBean.setAuthenticationEnabled(true);
}