1   package cn.home1.oss.environment.admin;
2   
3   import org.springframework.beans.factory.annotation.Autowired;
4   import org.springframework.boot.autoconfigure.security.SecurityProperties;
5   import org.springframework.context.annotation.Configuration;
6   import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
7   import org.springframework.security.config.annotation.web.builders.HttpSecurity;
8   import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
9   import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
10  
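/**
 * Web security configuration for the admin application.
 *
 * <p>Two concerns are wired here: HTTP Basic protection of the application's own
 * management endpoints (a self-described temporary measure) and form-login protection
 * of the UI plus three proxied application endpoints. Every request not matched by an
 * explicit rule is permitted ({@code anyRequest().permitAll()}).
 *
 * <p>Created by leo on 16/11/28.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  /** Boot's {@code security.user.*} properties; supplies the primary in-memory account. */
  @Autowired
  private SecurityProperties securityProperties;

  private static final String ADMIN_ROLE_NAME = "ADMIN";
  private static final String USER_ROLE_NAME = "USER";

  /**
   * Defines the URL authorization rules and the authentication entry points.
   *
   * @param http the shared {@link HttpSecurity} builder
   * @throws Exception propagated from the Spring Security builders
   */
  @Override
  protected void configure(final HttpSecurity http) throws Exception {

    // Temporary protection for the management endpoints: any fully authenticated account
    // (including the USER-only accounts registered in configureGlobal) may call them over
    // HTTP Basic, so "/shutdown" and "/dump" are not limited to ADMIN.
    http
        .authorizeRequests()
        .antMatchers( //
            "/health", //
            "/env", //
            "/metrics", //
            "/jolokia", //
            "/dump", //
            "/shutdown", //
            "/beans", //
            "/trace" //
        )
        .fullyAuthenticated().and()
        .httpBasic();

    // NOTE(review): CSRF protection is disabled for the whole application, including the
    // form-login session; re-enable it (or scope the exemption to the Basic-auth endpoints)
    // once the management endpoints no longer need the exemption.
    http
        .csrf().disable()
        .authorizeRequests()
        .antMatchers("/", "/index.html").hasRole(USER_ROLE_NAME)
        // Only these three proxied endpoints require ADMIN; every other path falls through
        // to anyRequest().permitAll() below.
        .antMatchers("/api/applications/**/env",
            "/api/applications/**/jolokia",
            "/api/applications/**/heapdump")
        .hasRole(ADMIN_ROLE_NAME)
        .anyRequest().permitAll()
        .and()
        .formLogin()
        .loginPage("/login")
        .defaultSuccessUrl("/")
        .permitAll()
        .and()
        .logout()
        .permitAll();
  }

  /**
   * Registers the in-memory accounts.
   *
   * <p>The configured {@code security.user} account receives every role listed under
   * {@code security.user.role}, however many there are; the previous indexed lookup of
   * exactly two roles threw {@link IndexOutOfBoundsException} when fewer were configured.
   *
   * @param auth the global {@link AuthenticationManagerBuilder}
   * @throws Exception propagated from the Spring Security builders
   */
  @Autowired
  public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
    final SecurityProperties.User user = securityProperties.getUser();
    // roles(String...) accepts the whole list, so no fixed role count is assumed.
    final String[] configuredRoles = user.getRole().toArray(new String[0]);
    auth
        .inMemoryAuthentication()
        .withUser(user.getName()).password(user.getPassword()).roles(configuredRoles).and()
        // NOTE(review): hard-coded credentials below; "user" holds ADMIN, which unlocks the
        // env/jolokia/heapdump proxies above. Move these accounts to externalized
        // configuration and drop the fixed passwords before any non-local deployment.
        .withUser("user").password("user_pass").roles(USER_ROLE_NAME, ADMIN_ROLE_NAME).and()
        .withUser("oss").password("oss").roles(USER_ROLE_NAME);
  }
}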
74  }