Package yakworks.security.spring
Class DefaultSecurityConfiguration
- java.lang.Object
-
- yakworks.security.spring.DefaultSecurityConfiguration
-
@Configuration @Lazy @Import(JwtConfiguration.class) public class DefaultSecurityConfiguration extends java.lang.Object
-
-
Constructor Summary
Constructors Constructor Description DefaultSecurityConfiguration()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static voidaddJsonAuthenticationFilter(org.springframework.security.config.annotation.web.builders.HttpSecurity http, yakworks.security.spring.token.store.TokenStore tokenStore)Legacy, Helper to setup a Filter to pick up POST to /api/login to it can be a REST call instead of just form post.static voidapplyBasicDefaults(org.springframework.security.config.annotation.web.builders.HttpSecurity http)Helper to set up HttpSecurity builder with default requestMatchers and forms.static voidapplyOauthJwt(org.springframework.security.config.annotation.web.builders.HttpSecurity http)Sets up the JWTstatic voidapplySamlSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity http, org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler)Example for simple Saml setup.org.springframework.security.authentication.AuthenticationManagerauthenticationManager(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authConfig)yakworks.security.spring.user.AuthSuccessUserInfoListenerauthSuccessUserInfoListener()yakworks.security.user.CurrentUsercurrentUser()yakworks.security.user.CurrentUserHolderCurrentUserHolder()yakworks.security.spring.token.generator.OpaqueTokenGeneratoropaqueTokenGenerator()org.springframework.security.crypto.password.PasswordEncoderpasswordEncoder()yakworks.security.services.PasswordValidatorpasswordValidator()yakworks.security.SecServicesecService()org.springframework.security.web.SecurityFilterChainsecurityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http)Default securityFilterChain.yakworks.security.spring.token.generator.StoreTokenGeneratorstoreTokenGenerator()
-
-
-
Method Detail
-
applyBasicDefaults
public static void applyBasicDefaults(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws java.lang.ExceptionHelper to set up HttpSecurity builder with default requestMatchers and forms. NOTE: this is more of an example and common place for smoke test apps to use. In your production app you would set this up for its specifc security needs- Throws:
java.lang.Exception
-
applySamlSecurity
public static void applySamlSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity http, org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler) throws java.lang.ExceptionExample for simple Saml setup. Its largely dealt with in the configuration.- Throws:
java.lang.Exception
-
addJsonAuthenticationFilter
public static void addJsonAuthenticationFilter(org.springframework.security.config.annotation.web.builders.HttpSecurity http, yakworks.security.spring.token.store.TokenStore tokenStore) throws java.lang.ExceptionLegacy, Helper to setup a Filter to pick up POST to /api/login to it can be a REST call instead of just form post. adds JsonUsernamePasswordLoginFilter under /api/login and forwards it to api/tokenLegacy- Throws:
java.lang.Exception
-
applyOauthJwt
public static void applyOauthJwt(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws java.lang.ExceptionSets up the JWT- Throws:
java.lang.Exception
-
securityFilterChain
@Bean @ConditionalOnMissingBean(org.springframework.security.web.SecurityFilterChain.class) public org.springframework.security.web.SecurityFilterChain securityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws java.lang.ExceptionDefault securityFilterChain. Helper to set up HttpSecurity builder with default requestMatchers and forms. NOTE: this is more of an example and a common simple setup for smoke test apps to use. In your production app you would set this up and replace for its specifc security needs- Throws:
java.lang.Exception
-
authenticationManager
@Bean public org.springframework.security.authentication.AuthenticationManager authenticationManager(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authConfig) throws java.lang.Exception- Throws:
java.lang.Exception
-
authSuccessUserInfoListener
@Bean @Lazy(false) public yakworks.security.spring.user.AuthSuccessUserInfoListener authSuccessUserInfoListener()
-
secService
@Bean @ConditionalOnMissingBean public yakworks.security.SecService secService()
-
CurrentUserHolder
@Bean("${CurrentUserHolder.name}") @Lazy(false) @Role(2) public yakworks.security.user.CurrentUserHolder CurrentUserHolder()
-
currentUser
@Bean @ConditionalOnMissingBean public yakworks.security.user.CurrentUser currentUser()
-
passwordValidator
@Bean @ConditionalOnMissingBean public yakworks.security.services.PasswordValidator passwordValidator()
-
passwordEncoder
@Bean @ConditionalOnMissingBean public org.springframework.security.crypto.password.PasswordEncoder passwordEncoder()
-
opaqueTokenGenerator
@Bean @ConditionalOnMissingBean public yakworks.security.spring.token.generator.OpaqueTokenGenerator opaqueTokenGenerator()
-
storeTokenGenerator
@Bean @ConditionalOnMissingBean public yakworks.security.spring.token.generator.StoreTokenGenerator storeTokenGenerator()
-
-