Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Introduced component-based security configuration for Spring #14303

Merged
merged 13 commits into from
Aug 16, 2022
Merged

feat: Introduced component-based security configuration for Spring #14303

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
ea623f7
feat: Introduced component-based security configuration for Spring
MarcinVaadin Aug 9, 2022
be619c6
test: Additional Spring classes exclusions added to serialization test
MarcinVaadin Aug 10, 2022
fe8a0a4
chore: Javadocs update
MarcinVaadin Aug 10, 2022
e9c0cd9
Merge branch 'master' into feat/13910-support-for-the-component-based…
MarcinVaadin Aug 10, 2022
95263ac
Merge remote-tracking branch 'origin/master' into feat/13910-support-…
MarcinVaadin Aug 11, 2022
07fb70c
Merge branch 'master' into feat/13910-support-for-the-component-based…
MarcinVaadin Aug 11, 2022
275fdda
feat: moved getDefaultWebSecurityIgnoreMatcher from WebSecurityCustom…
MarcinVaadin Aug 12, 2022
f2b17ad
Merge remote-tracking branch 'origin/feat/13910-support-for-the-compo…
MarcinVaadin Aug 12, 2022
fdae699
Update vaadin-spring/src/main/java/com/vaadin/flow/spring/security/Va…
MarcinVaadin Aug 12, 2022
7fa7a3b
Implementation update to ease migration
MarcinVaadin Aug 16, 2022
5d9385b
javadocs update
MarcinVaadin Aug 16, 2022
2a79dfe
javadocs update
MarcinVaadin Aug 16, 2022
e12b0b3
javadocs update - formatter
MarcinVaadin Aug 16, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 34 additions & 36 deletions ...pring-security-flow/src/main/java/com/vaadin/flow/spring/flowsecurity/SecurityConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,32 +1,34 @@
package com.vaadin.flow.spring.flowsecurity;

import java.util.stream.Collectors;

import javax.servlet.ServletContext;

import com.vaadin.flow.spring.RootMappedCondition;
import com.vaadin.flow.spring.VaadinConfigurationProperties;
import com.vaadin.flow.spring.flowsecurity.data.UserInfo;
import com.vaadin.flow.spring.flowsecurity.data.UserInfoRepository;
import com.vaadin.flow.spring.flowsecurity.views.LoginView;
import com.vaadin.flow.spring.security.VaadinWebSecurityConfigurerAdapter;
import java.util.stream.Collectors;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

import com.vaadin.flow.spring.RootMappedCondition;
import com.vaadin.flow.spring.VaadinConfigurationProperties;
import com.vaadin.flow.spring.flowsecurity.data.UserInfo;
import com.vaadin.flow.spring.flowsecurity.data.UserInfoRepository;
import com.vaadin.flow.spring.flowsecurity.views.LoginView;
import com.vaadin.flow.spring.security.VaadinWebSecurity;

@EnableWebSecurity
@Configuration
public class SecurityConfig extends VaadinWebSecurityConfigurerAdapter {
public class SecurityConfig extends VaadinWebSecurity {

public static String ROLE_USER = "user";
public static String ROLE_ADMIN = "admin";
Expand Down Expand Up @@ -60,38 +62,34 @@ public String getLogoutSuccessUrl() {
}

@Override
protected void configure(HttpSecurity http) throws Exception {
// Admin only access for given resources
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/admin-only/**")
.hasAnyRole(ROLE_ADMIN);

http.authorizeRequests().antMatchers("/public/**").permitAll();
super.configure(http);

setLoginView(http, LoginView.class, getLogoutSuccessUrl());
}

@Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
web.ignoring().antMatchers("/public/**");
}

@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(username -> {
UserInfo userInfo = userInfoRepository.findByUsername(username);
if (userInfo == null) {
throw new UsernameNotFoundException(
"No user present with username: " + username);
} else {
return new User(userInfo.getUsername(),
userInfo.getEncodedPassword(),
userInfo.getRoles().stream()
.map(role -> new SimpleGrantedAuthority(
"ROLE_" + role))
.collect(Collectors.toList()));
@Bean
public InMemoryUserDetailsManager userDetailsService() {
return new InMemoryUserDetailsManager() {
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
UserInfo userInfo = userInfoRepository.findByUsername(username);
if (userInfo == null) {
throw new UsernameNotFoundException(
"No user present with username: " + username);
} else {
return new User(userInfo.getUsername(),
userInfo.getEncodedPassword(),
userInfo.getRoles().stream()
.map(role -> new SimpleGrantedAuthority(
"ROLE_" + role))
.collect(Collectors.toList()));
}
}
});
};
}

}
Loading