LemonSecurityConfig

java.lang.Object
- org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
- - com.naturalprogrammer.spring.lemon.security.LemonSecurityConfig

All Implemented Interfaces:

org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>, org.springframework.security.config.annotation.web.WebSecurityConfigurer<org.springframework.security.config.annotation.web.builders.WebSecurity>
```
public class LemonSecurityConfig
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
```
Security configuration class. Extend it in the application, and make a configuration class. Override protected methods, if you need any customization.

Author:

Sanjay Patel

Field Summary

Fields
Modifier and Type	Field and Description
`static java.lang.String`	`GOOD_ADMIN`
`static java.lang.String`	`GOOD_USER`
`static java.lang.String`	`TOKEN_PREFIX`
`static java.lang.String`	`TOKEN_REQUEST_HEADER_NAME`
`static java.lang.String`	`TOKEN_RESPONSE_HEADER_NAME`

Constructor Summary

Constructors
Constructor and Description

LemonSecurityConfig()

Constructors
Constructor and Description
`LemonSecurityConfig()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected void`	`authorizeRequests(org.springframework.security.config.annotation.web.builders.HttpSecurity http)` URL based authorization configuration.
`protected void`	`configure(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)` Needed for configuring JwtAuthenticationProvider
`protected void`	`configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)` Security configuration, calling protected methods
`protected void`	`cors(org.springframework.security.config.annotation.web.builders.HttpSecurity http)` Configures CORS
`void`	createLemonSecurityConfig(LemonProperties properties, org.springframework.security.core.userdetails.UserDetailsService userDetailsService, AuthenticationSuccessHandler authenticationSuccessHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler, LemonOidcUserService oidcUserService, LemonOAuth2UserService<?,?> oauth2UserService, OAuth2AuthenticationSuccessHandler<?> oauth2AuthenticationSuccessHandler, OAuth2AuthenticationFailureHandler oauth2AuthenticationFailureHandler, JwtAuthenticationProvider<?,?> jwtAuthenticationProvider, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)
`protected void`	`csrf(org.springframework.security.config.annotation.web.builders.HttpSecurity http)` Disables CSRF.
`protected void`	`exceptionHandling(org.springframework.security.config.annotation.web.builders.HttpSecurity http)` Configures exception-handling
`org.springframework.security.authentication.AuthenticationManager`	`getAuthenticationManager()` Returns AuthenticationManager, to be used for configuring LemonTokenAuthenticationFilter
`protected void`	`login(org.springframework.security.config.annotation.web.builders.HttpSecurity http)` Configuring authentication.
`protected void`	`logout(org.springframework.security.config.annotation.web.builders.HttpSecurity http)` Logout related configuration
`protected void`	`otherConfigurations(org.springframework.security.config.annotation.web.builders.HttpSecurity http)` Override this to add more http configurations, such as more authentication methods.
`protected void`	`sessionCreationPolicy(org.springframework.security.config.annotation.web.builders.HttpSecurity http)` Configuring Session creation policy

Methods inherited from class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
authenticationManager, authenticationManagerBean, configure, getApplicationContext, getHttp, init, setApplicationContext, setAuthenticationConfiguration, setContentNegotationStrategy, setObjectPostProcessor, setTrustResolver, userDetailsService, userDetailsServiceBean

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

GOOD_ADMIN

public static final java.lang.String GOOD_ADMIN

See Also:: Constant Field Values

GOOD_USER

public static final java.lang.String GOOD_USER

See Also:: Constant Field Values

TOKEN_PREFIX

public static final java.lang.String TOKEN_PREFIX

See Also:: Constant Field Values

TOKEN_REQUEST_HEADER_NAME

public static final java.lang.String TOKEN_REQUEST_HEADER_NAME

See Also:: Constant Field Values

TOKEN_RESPONSE_HEADER_NAME

public static final java.lang.String TOKEN_RESPONSE_HEADER_NAME

See Also:: Constant Field Values

Constructor Detail
- LemonSecurityConfig
```
public LemonSecurityConfig()
```

Method Detail

createLemonSecurityConfig

@Autowired
public void createLemonSecurityConfig(LemonProperties properties,
                                                  org.springframework.security.core.userdetails.UserDetailsService userDetailsService,
                                                  AuthenticationSuccessHandler authenticationSuccessHandler,
                                                  org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler,
                                                  LemonOidcUserService oidcUserService,
                                                  LemonOAuth2UserService<?,?> oauth2UserService,
                                                  OAuth2AuthenticationSuccessHandler<?> oauth2AuthenticationSuccessHandler,
                                                  OAuth2AuthenticationFailureHandler oauth2AuthenticationFailureHandler,
                                                  JwtAuthenticationProvider<?,?> jwtAuthenticationProvider,
                                                  org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)

configure
```
protected void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                  throws java.lang.Exception
```
Security configuration, calling protected methods

Overrides:

configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Throws:

java.lang.Exception

sessionCreationPolicy

protected void sessionCreationPolicy(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                              throws java.lang.Exception

Configuring Session creation policy

Throws:: java.lang.Exception

login

protected void login(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
              throws java.lang.Exception

Configuring authentication.

Throws:: java.lang.Exception

logout

protected void logout(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
               throws java.lang.Exception

Logout related configuration

Throws:: java.lang.Exception

exceptionHandling

protected void exceptionHandling(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                          throws java.lang.Exception

Configures exception-handling

Throws:: java.lang.Exception

csrf

protected void csrf(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
             throws java.lang.Exception

Disables CSRF. We are stateless.

Throws:: java.lang.Exception

cors

protected void cors(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
             throws java.lang.Exception

Configures CORS

Throws:: java.lang.Exception

authorizeRequests

protected void authorizeRequests(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                          throws java.lang.Exception

URL based authorization configuration. Override this if needed.

Throws:: java.lang.Exception

otherConfigurations

protected void otherConfigurations(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                            throws java.lang.Exception

Override this to add more http configurations, such as more authentication methods.

Parameters:: http -
Throws:: java.lang.Exception

configure
```
protected void configure(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)
                  throws java.lang.Exception
```
Needed for configuring JwtAuthenticationProvider

Overrides:

configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Throws:

java.lang.Exception

getAuthenticationManager

public org.springframework.security.authentication.AuthenticationManager getAuthenticationManager()
                                                                                           throws java.lang.Exception

Returns AuthenticationManager, to be used for configuring LemonTokenAuthenticationFilter

Throws:: java.lang.Exception

Class LemonSecurityConfig