Class SecurityConfiguration

java.lang.Object
de.gustavblass.fsu.fmi.roombooking.configuration.SecurityConfiguration

@Configuration @EnableWebSecurity @EnableMethodSecurity public class SecurityConfiguration extends Object
Configures authentication and authorisation for the Spring application.
  • Field Summary

    Fields
    Modifier and Type | Field | Description
    private boolean | enableLocalRegistration | Whether local registrations are enabled.
    private final @Nullable String | ldapBase | See AbstractContextSource.setBase(String).
    private final @Nullable String | ldapUrl | The URL of the LDAP server, including the matching protocol.
    private final @Nullable String | userDnPattern | See AbstractLdapAuthenticator.setUserDnPatterns(java.lang.String[]).
    private @NonNull Duration | verificationTokenValidity | The timespan after which a VerificationToken shall expire.
  • Constructor Summary

    Constructors
    Constructor
    Description
    SecurityConfiguration(@Nullable String ldapUrl, @Nullable String ldapBase, @Nullable String userDnPattern, @Nullable String enableLocalRegistration, @Nullable Duration verificationTokenValidity)
    Constructs a new SecurityConfiguration.
  • Method Summary

    Modifier and Type | Method | Description
    @NonNull org.springframework.security.crypto.argon2.Argon2PasswordEncoder | argon2PasswordEncoder() | Creates a new Argon2PasswordEncoder with Spring's defaults in order to hash the users' login credentials so that they're protected from being stolen by unauthorised people accessing the database.
    @NonNull org.springframework.security.authentication.AuthenticationEventPublisher | authenticationEventPublisher(@NonNull org.springframework.context.ApplicationEventPublisher applicationEventPublisher) | Creates a new AuthenticationEventPublisher.
    @NonNull org.springframework.security.authentication.AuthenticationManager | authenticationManager(@NonNull org.springframework.security.core.userdetails.UserDetailsService userDetailsService, @NonNull org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, @NonNull org.springframework.security.authentication.AuthenticationEventPublisher authenticationEventPublisher, @Nullable org.springframework.security.ldap.authentication.LdapAuthenticationProvider ldapAuthenticationProvider) | Creates a new DaoAuthenticationProvider using the UserDetailsService and an argon2PasswordEncoder().
    @NonNull org.springframework.security.web.authentication.AuthenticationSuccessHandler | authenticationSuccessHandler() |
    @Nullable org.springframework.security.ldap.authentication.BindAuthenticator | bindAuthenticator() | Creates the authentication strategy for the ldapAuthenticationProvider(UserDetailsService, BindAuthenticator).
    @Nullable org.springframework.security.ldap.authentication.LdapAuthenticationProvider | ldapAuthenticationProvider(@NonNull org.springframework.security.core.userdetails.UserDetailsService userDetailsService, @Nullable org.springframework.security.ldap.authentication.BindAuthenticator bindAuthenticator) | Creates a new LdapAuthenticationProvider based on the given BindAuthenticator.
    (package private) static @NonNull org.springframework.security.access.expression.method.MethodSecurityExpressionHandler | methodSecurityExpressionHandler(@NonNull org.springframework.security.access.hierarchicalroles.RoleHierarchy roleHierarchy) | Creates a new DefaultMethodSecurityExpressionHandler for the roleHierarchy().
    @NonNull RegistrationMode | registrationMode() | Determines the RegistrationMode configured in the application properties.
    (package private) static @NonNull org.springframework.security.access.hierarchicalroles.RoleHierarchy | roleHierarchy() | Specifies a RoleHierarchy where every role implicitly includes all lower roles.
    @NonNull org.springframework.security.web.SecurityFilterChain | securityFilterChain(@NonNull org.springframework.security.config.annotation.web.builders.HttpSecurity http, @NonNull org.springframework.security.authentication.AuthenticationManager authenticationManager, @NonNull RegistrationMode registrationMode, @NonNull org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler) | Sets up basic user-password authentication for all paths except for the following ones:
    @NonNull Duration | verificationTokenValidity() |

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • ldapUrl

      @Nullable private final @Nullable String ldapUrl
      The URL of the LDAP server, including the matching protocol.
    • ldapBase

      @Nullable private final @Nullable String ldapBase
      See AbstractContextSource.setBase(String).
    • userDnPattern

      @Nullable private final @Nullable String userDnPattern
      See AbstractLdapAuthenticator.setUserDnPatterns(java.lang.String[]). Only one is expected.
    • enableLocalRegistration

      private boolean enableLocalRegistration
      Whether local registrations are enabled. This setting does not affect LDAP registrations, which can still be enabled independently of it.
    • verificationTokenValidity

      @NonNull private @NonNull Duration verificationTokenValidity
      The timespan after which a VerificationToken shall expire.
  • Constructor Details

    • SecurityConfiguration

      public SecurityConfiguration(@Nullable @Value("${spring.ldap.urls:}") @Nullable String ldapUrl, @Nullable @Value("${spring.ldap.base:}") @Nullable String ldapBase, @Nullable @Value("${spring.ldap.userDnPattern:}") @Nullable String userDnPattern, @Nullable @Value("${application.registration.local:}") @Nullable String enableLocalRegistration, @Nullable @Value("${application.verificationToken.validity:}") @Nullable Duration verificationTokenValidity)
      Constructs a new SecurityConfiguration.
      Parameters:
      ldapUrl - The ldapUrl.
      ldapBase - The ldapBase.
      userDnPattern - The userDnPattern.
      enableLocalRegistration - The value for enableLocalRegistration.
      verificationTokenValidity - The verificationTokenValidity.
  • Method Details

    • registrationMode

      @Bean("registrationMode") @NonNull public @NonNull RegistrationMode registrationMode()
      Determines the RegistrationMode configured in the application properties.
      Returns:
      The registration mode configured.
    • securityFilterChain

      @Bean @DependsOn({"authenticationManager","registrationMode","authenticationSuccessHandler"}) @NonNull public @NonNull org.springframework.security.web.SecurityFilterChain securityFilterChain(@NonNull @NonNull org.springframework.security.config.annotation.web.builders.HttpSecurity http, @NonNull @NonNull org.springframework.security.authentication.AuthenticationManager authenticationManager, @NonNull @NonNull RegistrationMode registrationMode, @NonNull @NonNull org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler) throws Exception

      Sets up basic user-password authentication for all paths except for the following ones:

      • assets: /css/**, /js/**, /images/**
      • /login, /fehler/**, /error/**, /logout, /
      • /räume/**, en/rooms/**, /api/*/rooms/**
      • /swagger-ui/**

      Requires authority ActorAuthority.FACULTY_ADMINISTRATION or higher for /admin/**, /en/admin/** and /api/*/admin/**.

      Parameters:
      http - Used to configure the security filter chain.
      authenticationManager - Used to validate log-ins.
      Returns:
      The SecurityFilterChain representing the above authentication and authorisation rules.
      Throws:
      Exception - See HttpSecurity.authorizeHttpRequests().
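
      As an added illustration (not the project's own code), the rules listed above expressed in Spring Security's HttpSecurity DSL. The RoleHierarchy parameter, the leading slash on "/en/rooms/**" and the authority string standing in for ActorAuthority.FACULTY_ADMINISTRATION are assumptions; the "or higher" rule is realised by handing the RoleHierarchy to the request-level authority check.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;

class SecurityFilterChainExample {

    // Assumption: the project's ActorAuthority.FACULTY_ADMINISTRATION is granted under this string.
    private static final String FACULTY_ADMINISTRATION = "FACULTY_ADMINISTRATION";

    // Assumption: the RoleHierarchy bean (roleHierarchy()) is injected here so that
    // higher roles implicitly satisfy the FACULTY_ADMINISTRATION requirement.
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http, RoleHierarchy roleHierarchy)
            throws Exception {
        // "FACULTY_ADMINISTRATION or higher": the manager expands the caller's authorities
        // through the hierarchy before comparing, so a higher role passes the check too.
        AuthorityAuthorizationManager<RequestAuthorizationContext> facultyAdminOrHigher =
                AuthorityAuthorizationManager.hasAuthority(FACULTY_ADMINISTRATION);
        facultyAdminOrHigher.setRoleHierarchy(roleHierarchy);

        http
            .authorizeHttpRequests(auth -> auth
                // Public paths from the Javadoc; specific rules first, deny-by-default last.
                .requestMatchers("/css/**", "/js/**", "/images/**").permitAll()
                .requestMatchers("/login", "/fehler/**", "/error/**", "/logout", "/").permitAll()
                // Assumption: "/en/rooms/**" carries a leading slash like its siblings.
                .requestMatchers("/räume/**", "/en/rooms/**", "/api/*/rooms/**").permitAll()
                .requestMatchers("/swagger-ui/**").permitAll()
                // Administrative paths: FACULTY_ADMINISTRATION or any role above it.
                .requestMatchers("/admin/**", "/en/admin/**", "/api/*/admin/**")
                    .access(facultyAdminOrHigher)
                // Everything not listed above requires an authenticated user.
                .anyRequest().authenticated())
            // Username/password login on the public /login page.
            .formLogin(form -> form.loginPage("/login"));
        return http.build();
    }
}
```

Keeping anyRequest().authenticated() as the final rule means a path that is forgotten in the permitAll lists fails closed rather than open.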
    • authenticationSuccessHandler

      @Bean("authenticationSuccessHandler") @NonNull public @NonNull org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler()
      Returns:
      A new SessionAndSavedRequestAwareAuthenticationSuccessHandler.
    • authenticationManager

      @Bean("authenticationManager") @DependsOn("ldap") @NonNull public @NonNull org.springframework.security.authentication.AuthenticationManager authenticationManager(@NonNull @NonNull org.springframework.security.core.userdetails.UserDetailsService userDetailsService, @NonNull @NonNull org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, @NonNull @NonNull org.springframework.security.authentication.AuthenticationEventPublisher authenticationEventPublisher, @Nullable @Nullable org.springframework.security.ldap.authentication.LdapAuthenticationProvider ldapAuthenticationProvider)
      Creates a new DaoAuthenticationProvider using the UserDetailsService and an argon2PasswordEncoder().
      Parameters:
      userDetailsService - The UserDetailsService used for authentication.
      passwordEncoder - The PasswordEncoder for hashing.
      authenticationEventPublisher - Configured in the new ProviderManager.
      ldapAuthenticationProvider - If provided, will be passed to the AuthenticationManager that is created.
      Returns:
      The AuthenticationProvider used for authenticating the users in the UserDetailsService.
    • ldapAuthenticationProvider

      @Bean("ldap") @DependsOn("bindAuthenticator") @Contract("_, null -> null") @Nullable public @Nullable org.springframework.security.ldap.authentication.LdapAuthenticationProvider ldapAuthenticationProvider(@NonNull @NonNull org.springframework.security.core.userdetails.UserDetailsService userDetailsService, @Nullable @Nullable org.springframework.security.ldap.authentication.BindAuthenticator bindAuthenticator)
      Creates a new LdapAuthenticationProvider based on the given BindAuthenticator. If it is null, then null is returned.
      Parameters:
      userDetailsService - Used to compare the LDAP server's user data to the user data in the local database. If this UserDetailsService is not an ActorService, then no LdapAuthenticationProvider is created.
      bindAuthenticator - Does the actual authentication.
      Returns:
      An LdapAuthenticationProvider that facilitates log-in verification with a specified LDAP server. null if the bindAuthenticator is null.
    • bindAuthenticator

      @Bean("bindAuthenticator") @Nullable public @Nullable org.springframework.security.ldap.authentication.BindAuthenticator bindAuthenticator()
      Creates the authentication strategy for the ldapAuthenticationProvider(UserDetailsService, BindAuthenticator). Uses the ldapUrl, ldapBase and userDnPattern.
      Returns:
      A new BindAuthenticator.
    • argon2PasswordEncoder

      @Bean @NonNull public @NonNull org.springframework.security.crypto.argon2.Argon2PasswordEncoder argon2PasswordEncoder()
      Creates a new Argon2PasswordEncoder with Spring's defaults in order to hash the users' login credentials so that they're protected from being stolen by unauthorised people accessing the database.
      Returns:
      The new Argon2 password encoder.
    • verificationTokenValidity

      @Bean @NonNull public @NonNull Duration verificationTokenValidity()
      Returns:
      The verificationTokenValidity.
    • authenticationEventPublisher

      @Bean @NonNull public @NonNull org.springframework.security.authentication.AuthenticationEventPublisher authenticationEventPublisher(@NonNull @NonNull org.springframework.context.ApplicationEventPublisher applicationEventPublisher)
      Creates a new AuthenticationEventPublisher.
      Parameters:
      applicationEventPublisher - The ApplicationEventPublisher used by the new DefaultAuthenticationEventPublisher.
      Returns:
      A new DefaultAuthenticationEventPublisher.
    • roleHierarchy

      @Bean @NonNull static @NonNull org.springframework.security.access.hierarchicalroles.RoleHierarchy roleHierarchy()

      Specifies a RoleHierarchy where every role implicitly includes all lower roles. Sorted by descending priority:

      Returns:
      The role hierarchy as stated above.
    • methodSecurityExpressionHandler

      @Bean @NonNull static @NonNull org.springframework.security.access.expression.method.MethodSecurityExpressionHandler methodSecurityExpressionHandler(@NonNull @NonNull org.springframework.security.access.hierarchicalroles.RoleHierarchy roleHierarchy)
      Creates a new DefaultMethodSecurityExpressionHandler for the roleHierarchy().
      Parameters:
      roleHierarchy - The role hierarchy that shall be used for authorisation.
      Returns:
      The new DefaultMethodSecurityExpressionHandler.