io.mosip.kernel.auth.adapter.config

Class SecurityConfig

java.lang.Object

org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

io.mosip.kernel.auth.adapter.config.SecurityConfig

All Implemented Interfaces:

org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>, org.springframework.security.config.annotation.web.WebSecurityConfigurer<org.springframework.security.config.annotation.web.builders.WebSecurity>

@Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled=true)
 @Order(value=2)
public class SecurityConfig
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Holds the main configuration for authentication and authorization using spring security. Inclusions: 1. AuthenticationManager bean configuration: a. This is assigned an authProvider that we implemented. This option can include multiple auth providers if necessary based on the requirement. b. RETURNS an instance of the ProviderManager. 2. AuthFilter bean configuration: a. This extends AbstractAuthenticationProcessingFilter. b. Instance of the AuthFilter is created. c. This filter comes in line after the AuthHeadersFilter. d. Binds the AuthenticationManager instance created with the filter. e. Binds the AuthSuccessHandler created with the filter. f. RETURNS an instance of the AuthFilter. 3. RestTemplate bean configuration: a. Binds the ClientInterceptor instance with the RestTemplate instance created. b. RETURNS an instance of the RestTemplate. 4. Secures endpoints using antMatchers and adds filters in a sequence for execution.

Since:

1.0.0

Author:

Sabbu Uday Kumar, Ramadurai Saravana Pandian, Raj Jha

Constructor Summary

Constructors

Constructor and Description
SecurityConfig()

Method Summary

Modifier and Type	Method and Description
org.springframework.security.authentication.AuthenticationManager	authenticationManager()
AuthFilter	authFilter()
protected void	configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
org.springframework.boot.web.servlet.FilterRegistrationBean<AuthFilter>	registration(AuthFilter filter)

Methods inherited from class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

authenticationManagerBean, configure, configure, getApplicationContext, getHttp, init, setApplicationContext, setAuthenticationConfiguration, setContentNegotationStrategy, setObjectPostProcessor, setTrustResolver, userDetailsService, userDetailsServiceBean

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityConfig

public SecurityConfig()

Method Detail

authenticationManager

@Bean
public org.springframework.security.authentication.AuthenticationManager authenticationManager()

Overrides:

authenticationManager in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

authFilter

@Bean
public AuthFilter authFilter()

registration

@Bean
public org.springframework.boot.web.servlet.FilterRegistrationBean<AuthFilter> registration(AuthFilter filter)

configure

protected void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                  throws Exception

Overrides:

configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Throws:

Exception