@EnableWebSecurity
@Order(value=2147483640)
public class WebSecurityConfig
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
| Constructor and Description |
|---|
WebSecurityConfig(LoginAuthProvider loginAuthProvider,
TokenAuthProvider tokenAuthProvider,
org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler,
org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler,
RestAuthEntryPoint authEntryPoint,
JwtTokenService jwtTokenService,
com.fasterxml.jackson.databind.ObjectMapper objectMapper,
OneOpsConfig oneOpsConfig,
String mgmtContext,
String mgmtUser,
String mgmtPasswd) |
| Modifier and Type | Method and Description |
|---|---|
org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder |
bCryptPasswordEncoder() |
protected void |
configure(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)
The method configures 3 authentication providers, namely
|
protected void |
configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
Configures two filters namely, login and auth filters in the same order.
|
void |
configure(org.springframework.security.config.annotation.web.builders.WebSecurity web) |
org.springframework.web.cors.CorsConfigurationSource |
corsConfigurationSource()
Cross-Origin Resource Sharing (CORS) configuration for all the cross-domain REST API calls.
|
authenticationManager, authenticationManagerBean, getApplicationContext, getHttp, init, setApplicationContext, setAuthenticationConfiguration, setContentNegotationStrategy, setObjectPostProcessor, setTrustResolver, userDetailsService, userDetailsServiceBeanpublic WebSecurityConfig(LoginAuthProvider loginAuthProvider, TokenAuthProvider tokenAuthProvider, org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler failureHandler, RestAuthEntryPoint authEntryPoint, JwtTokenService jwtTokenService, com.fasterxml.jackson.databind.ObjectMapper objectMapper, OneOpsConfig oneOpsConfig, @Value(value="${management.context-path}") String mgmtContext, @Value(value="${management.user}") String mgmtUser, @Value(value="${management.password}") String mgmtPasswd)
@Bean @Lazy public org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder bCryptPasswordEncoder()
protected void configure(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)
throws Exception
1. LoginAuthProvider - Only for login requests 2. TokenAuthProvider - For
all requests except management endpoints 3. InMemoryAuthentication - For management endpoints
and user/password auth fallback.
configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapterExceptionprotected void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
throws Exception
LoginProcessingFilter is for all the login (/auth/token) requests and TokenAuthProcessingFilter is for other requests to check the presence of JWT in header.configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapterhttp - http securityException - throws if any error configuring Web security.public void configure(org.springframework.security.config.annotation.web.builders.WebSecurity web)
throws Exception
configure in interface org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapterException@Bean public org.springframework.web.cors.CorsConfigurationSource corsConfigurationSource()
Copyright © 2018 Walmart, Inc.. All rights reserved.