minifi-c2/minifi-c2-service/src/main/java/org/apache/nifi/minifi/c2/security/SecurityConfiguration.java - nifi-minifi - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.nifi.minifi.c2.security;

 import org.apache.nifi.minifi.c2.security.authentication.C2AnonymousAuthenticationFilter;
 import org.apache.nifi.minifi.c2.security.authentication.X509AuthenticationFilter;
 import org.apache.nifi.minifi.c2.security.authentication.X509AuthenticationProvider;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.ImportResource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;

 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 @ImportResource({"classpath:minifi-c2-web-security-context.xml"})
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     private AuthenticationProvider authenticationProvider;
     private X509AuthenticationFilter x509AuthenticationFilter;
     private C2AnonymousAuthenticationFilter c2AnonymousAuthenticationFilter;

     public SecurityConfiguration() {
         super(true);
     }

     @Bean
     @Override
     public AuthenticationManager authenticationManagerBean() throws Exception {
         // override xxxBean method so the authentication manager is available in app context (necessary for the method level security)
         return super.authenticationManagerBean();
     }

     @Override
     public void configure(WebSecurity web) throws Exception {
         web.ignoring().antMatchers("/access", "/access/config", "/access/token", "/access/kerberos");
     }

     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
                 .rememberMe().disable().authorizeRequests().anyRequest().fullyAuthenticated().and()
                 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
         http.addFilterBefore(x509AuthenticationFilter, AnonymousAuthenticationFilter.class);
         http.anonymous().authenticationFilter(c2AnonymousAuthenticationFilter);
     }

     @Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
         auth.authenticationProvider(authenticationProvider);
     }

     @Autowired
     public void setX509AuthenticationProvider(X509AuthenticationProvider x509AuthenticationProvider) {
         this.authenticationProvider = x509AuthenticationProvider;
     }

     @Autowired
     public void setX509AuthenticationFilter(X509AuthenticationFilter x509AuthenticationFilter) {
         this.x509AuthenticationFilter = x509AuthenticationFilter;
     }

     @Autowired
     public void setC2AnonymousAuthenticationFilter(C2AnonymousAuthenticationFilter c2AnonymousAuthenticationFilter) {
         this.c2AnonymousAuthenticationFilter = c2AnonymousAuthenticationFilter;
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.nifi.minifi.c2.security;

	import org.apache.nifi.minifi.c2.security.authentication.C2AnonymousAuthenticationFilter;
	import org.apache.nifi.minifi.c2.security.authentication.X509AuthenticationFilter;
	import org.apache.nifi.minifi.c2.security.authentication.X509AuthenticationProvider;
	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.context.annotation.Bean;
	import org.springframework.context.annotation.Configuration;
	import org.springframework.context.annotation.ImportResource;
	import org.springframework.security.authentication.AuthenticationManager;
	import org.springframework.security.authentication.AuthenticationProvider;
	import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
	import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
	import org.springframework.security.config.annotation.web.builders.HttpSecurity;
	import org.springframework.security.config.annotation.web.builders.WebSecurity;
	import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
	import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
	import org.springframework.security.config.http.SessionCreationPolicy;
	import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;

	@Configuration
	@EnableWebSecurity
	@EnableGlobalMethodSecurity(prePostEnabled = true)
	@ImportResource({"classpath:minifi-c2-web-security-context.xml"})
	public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
	private AuthenticationProvider authenticationProvider;
	private X509AuthenticationFilter x509AuthenticationFilter;
	private C2AnonymousAuthenticationFilter c2AnonymousAuthenticationFilter;

	public SecurityConfiguration() {
	super(true);
	}

	@Bean
	@Override
	public AuthenticationManager authenticationManagerBean() throws Exception {
	// override xxxBean method so the authentication manager is available in app context (necessary for the method level security)
	return super.authenticationManagerBean();
	}

	@Override
	public void configure(WebSecurity web) throws Exception {
	web.ignoring().antMatchers("/access", "/access/config", "/access/token", "/access/kerberos");
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
	http
	.rememberMe().disable().authorizeRequests().anyRequest().fullyAuthenticated().and()
	.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
	http.addFilterBefore(x509AuthenticationFilter, AnonymousAuthenticationFilter.class);
	http.anonymous().authenticationFilter(c2AnonymousAuthenticationFilter);
	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
	auth.authenticationProvider(authenticationProvider);
	}

	@Autowired
	public void setX509AuthenticationProvider(X509AuthenticationProvider x509AuthenticationProvider) {
	this.authenticationProvider = x509AuthenticationProvider;
	}

	@Autowired
	public void setX509AuthenticationFilter(X509AuthenticationFilter x509AuthenticationFilter) {
	this.x509AuthenticationFilter = x509AuthenticationFilter;
	}

	@Autowired
	public void setC2AnonymousAuthenticationFilter(C2AnonymousAuthenticationFilter c2AnonymousAuthenticationFilter) {
	this.c2AnonymousAuthenticationFilter = c2AnonymousAuthenticationFilter;
	}
	}