/**
 * Resource-server rules for this service.
 *
 * <p>Only bearer tokens carrying {@code RESOURCE_ID} are accepted. Authorization rules are
 * evaluated top-down and the first matching rule wins; any request that matches none of them
 * is denied.
 *
 * @param securityProperties Boot security settings; {@link SecurityProperties#isRequireSsl()}
 *     decides whether HTTPS is demanded for every request
 * @return the configurer picked up by the resource-server auto-configuration
 */
@Bean
public ResourceServerConfigurer resourceServer(SecurityProperties securityProperties) {
    return new ResourceServerConfigurerAdapter() {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            // Resource id that accepted tokens must have been issued for.
            resources.resourceId(RESOURCE_ID);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            requireSecureChannelIfConfigured(http);
            // hasScope/hasScopes are sibling helpers that build the #oauth2 access expression;
            // whether hasScopes means "all of" or "any of" the listed scopes is not visible here.
            http.authorizeRequests()
                .antMatchers(HttpMethod.POST, "/patients/**")
                    .access(hasScopes("phr.hie_write", "registration.write"))
                .antMatchers(HttpMethod.GET, "/management/**")
                    .access(hasScope("registration.management"))
                .antMatchers(HttpMethod.POST, "/management/**")
                    .access(hasScope("registration.management"))
                // OPTIONS stays open everywhere, presumably so CORS pre-flight requests
                // (which carry no token) are not rejected.
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                // Default-deny for anything not listed above.
                .anyRequest().denyAll();
        }

        /** Demands HTTPS for every request when {@code SecurityProperties#isRequireSsl()} is true. */
        private void requireSecureChannelIfConfigured(HttpSecurity http) throws Exception {
            if (securityProperties.isRequireSsl()) {
                http.requiresChannel().anyRequest().requiresSecure();
            }
        }
    };
}
/**
 * Resource-server rules for the document (DSS) service.
 *
 * <p>Only bearer tokens carrying {@code RESOURCE_ID} are accepted. Rules are evaluated
 * top-down, first match wins, and anything unmatched is denied.
 *
 * @param securityProperties Boot security settings; {@link SecurityProperties#isRequireSsl()}
 *     decides whether HTTPS is demanded for every request
 * @return the configurer picked up by the resource-server auto-configuration
 */
@Bean
public ResourceServerConfigurer resourceServer(SecurityProperties securityProperties) {
    return new ResourceServerConfigurerAdapter() {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            // Resource id that accepted tokens must have been issued for.
            resources.resourceId(RESOURCE_ID);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            requireSecureChannelIfConfigured(http);
            http.authorizeRequests()
                // TODO: May add permission for accessing following resource
                // NOTE(review): until that TODO is resolved both document endpoints accept
                // POSTs without any token.
                .antMatchers(HttpMethod.POST, "/segmentedDocument/**").permitAll()
                .antMatchers(HttpMethod.POST, "/validateDocument/**").permitAll()
                // Security scope for accessing management endpoint
                .antMatchers(HttpMethod.GET, "/management/**").access(hasScope("dss.management"))
                .antMatchers(HttpMethod.POST, "/management/**").access(hasScope("dss.management"))
                // No OPTIONS rule here (unlike the sibling resource servers), so CORS
                // pre-flight requests fall through to denyAll.
                .anyRequest().denyAll();
        }

        /** Demands HTTPS for every request when {@code SecurityProperties#isRequireSsl()} is true. */
        private void requireSecureChannelIfConfigured(HttpSecurity http) throws Exception {
            if (securityProperties.isRequireSsl()) {
                http.requiresChannel().anyRequest().requiresSecure();
            }
        }
    };
}
/**
 * Form-login security rules for the web UI.
 *
 * <p>Each configurer is applied as its own statement; this is equivalent to the
 * {@code .and()}-chained form because every call configures the same {@link HttpSecurity}.
 *
 * <p>NOTE(review): Spring Security orders {@code WebSecurityConfigurerAdapter}s by the
 * class-level {@code @Order}; the method-level annotation here is not consulted for that —
 * confirm the class is annotated as well.
 *
 * @param httpSecurity the builder to configure
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected void configure(final HttpSecurity httpSecurity) throws Exception {
    // Static fonts and the registration page are public; everything else needs a login.
    httpSecurity.authorizeRequests()
        .antMatchers("/fonts/**").permitAll()
        .antMatchers("/register").permitAll()
        .anyRequest().authenticated();
    httpSecurity.formLogin().loginPage("/login").permitAll();
    httpSecurity.logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .permitAll();
    httpSecurity.exceptionHandling().accessDeniedPage("/access?error");
    // Original note: "Default setting for Spring Boot to activate XSS Protection (dont fix!)".
    // NOTE(review): xssProtectionEnabled(false) sends X-XSS-Protection: 0, i.e. it switches the
    // browser auditor OFF rather than activating it — confirm this is the intended header.
    httpSecurity.headers().xssProtection().block(false).xssProtectionEnabled(false);
    // FIXME [dh] Enabling CSRF prevents file upload, must be fixed
    // NOTE(review): this disables CSRF protection for every state-changing endpoint, not only
    // the upload; registering a MultipartFilter ahead of the security filter chain is the usual
    // way to keep CSRF on while allowing multipart uploads.
    httpSecurity.csrf().disable();
}
/**
 * Resource-server rules for the context-handler service.
 *
 * <p>Only bearer tokens carrying {@code RESOURCE_ID} are accepted. Rules are evaluated
 * top-down, first match wins, and anything unmatched is denied.
 *
 * @param securityProperties Boot security settings; {@link SecurityProperties#isRequireSsl()}
 *     decides whether HTTPS is demanded for every request
 * @return the configurer picked up by the resource-server auto-configuration
 */
@Bean
public ResourceServerConfigurer resourceServer(SecurityProperties securityProperties) {
    return new ResourceServerConfigurerAdapter() {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            // Resource id that accepted tokens must have been issued for.
            resources.resourceId(RESOURCE_ID);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            requireSecureChannelIfConfigured(http);
            http.authorizeRequests()
                // TODO: May add permission for accessing following resource
                // NOTE(review): until that TODO is resolved the policy-enforcement endpoint
                // accepts POSTs without any token.
                .antMatchers(HttpMethod.POST, "/policyEnforcement/**").permitAll()
                // Security scope for accessing management endpoint
                .antMatchers(HttpMethod.GET, "/management/**").access(hasScope("contextHandler.management"))
                .antMatchers(HttpMethod.POST, "/management/**").access(hasScope("contextHandler.management"))
                // No OPTIONS rule here (unlike the sibling resource servers), so CORS
                // pre-flight requests fall through to denyAll.
                .anyRequest().denyAll();
        }

        /** Demands HTTPS for every request when {@code SecurityProperties#isRequireSsl()} is true. */
        private void requireSecureChannelIfConfigured(HttpSecurity http) throws Exception {
            if (securityProperties.isRequireSsl()) {
                http.requiresChannel().anyRequest().requiresSecure();
            }
        }
    };
}
/**
 * Resource-server rules for the patient-user service.
 *
 * <p>Only bearer tokens carrying {@code RESOURCE_ID} are accepted. Rules are evaluated
 * top-down, first match wins, and anything unmatched is denied.
 *
 * @param securityProperties Boot security settings; {@link SecurityProperties#isRequireSsl()}
 *     decides whether HTTPS is demanded for every request
 * @return the configurer picked up by the resource-server auto-configuration
 */
@Bean
public ResourceServerConfigurer resourceServer(SecurityProperties securityProperties) {
    return new ResourceServerConfigurerAdapter() {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            // Resource id that accepted tokens must have been issued for.
            resources.resourceId(RESOURCE_ID);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            requireSecureChannelIfConfigured(http);
            // hasScope/hasScopes are sibling helpers that build the #oauth2 access expression;
            // whether hasScopes means "all of" or "any of" the listed scopes is not visible here.
            http.authorizeRequests()
                .antMatchers(HttpMethod.GET, "/management/**")
                    .access(hasScope("patientUser.management"))
                .antMatchers(HttpMethod.POST, "/management/**")
                    .access(hasScope("patientUser.management"))
                .antMatchers(HttpMethod.GET, "/creations/**")
                    .access(hasScopes("patientUser.read", "phr.allPatientProfiles_read", "scim.read"))
                .antMatchers(HttpMethod.POST, "/creations/**")
                    .access(hasScopes("patientUser.write", "phr.allPatientProfiles_read", "scim.write"))
                .antMatchers(HttpMethod.POST, "/scopeAssignments")
                    .access(hasScopes("patientUser.scope_assign"))
                // Account activation and verification are reachable without a token, which is
                // what a not-yet-logged-in user needs; keep these paths narrow.
                .antMatchers(HttpMethod.POST, "/activations/**").permitAll()
                .antMatchers(HttpMethod.GET, "/verifications/**").permitAll()
                // OPTIONS stays open everywhere, presumably for CORS pre-flight requests.
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                // Default-deny for anything not listed above.
                .anyRequest().denyAll();
        }

        /** Demands HTTPS for every request when {@code SecurityProperties#isRequireSsl()} is true. */
        private void requireSecureChannelIfConfigured(HttpSecurity http) throws Exception {
            if (securityProperties.isRequireSsl()) {
                http.requiresChannel().anyRequest().requiresSecure();
            }
        }
    };
}
/**
 * Registers the OAuth2 client-context filter ahead of the Spring Security filter chain.
 *
 * <p>A lower order value runs earlier; {@code -10} places the filter just before the security
 * chain whose order comes from {@code security.filter.order}.
 *
 * @param filter the auto-configured client-context filter
 * @param security Boot security settings supplying the security filter order
 * @return the registration with filter and order set
 */
@Bean
public FilterRegistrationBean<OAuth2ClientContextFilter> oauth2ClientFilterRegistration(
        OAuth2ClientContextFilter filter, SecurityProperties security) {
    // Constructor form of setFilter(filter); no servlet registrations are attached.
    FilterRegistrationBean<OAuth2ClientContextFilter> registration =
            new FilterRegistrationBean<>(filter);
    int securityChainOrder = security.getFilter().getOrder();
    registration.setOrder(securityChainOrder - 10);
    return registration;
}
/**
 * Creates the CAS HTTP security adapter and its private authentication-manager builder.
 *
 * <p>All collaborators are stored as given; the only object constructed here is the
 * {@link AuthenticationManagerBuilder} wrapping {@code objectPostProcessor}.
 *
 * @param configurers additional CAS configurers applied by this adapter
 * @param securityProperties Boot security settings
 * @param casSecurityProperties CAS-specific settings
 * @param authenticationEntryPoint entry point used when authentication is required
 * @param serviceProperties CAS service settings
 * @param ticketValidator validator for CAS tickets
 * @param objectPostProcessor post-processor handed to the authentication-manager builder
 */
public CasHttpSecurityConfigurerAdapter(List<CasSecurityConfigurer> configurers,
        SecurityProperties securityProperties,
        CasSecurityProperties casSecurityProperties,
        CasAuthenticationEntryPoint authenticationEntryPoint,
        ServiceProperties serviceProperties,
        TicketValidator ticketValidator,
        ObjectPostProcessor<Object> objectPostProcessor) {
    // Build the only derived collaborator first; the remaining assignments are plain copies.
    this.authenticationManagerBuilder = new AuthenticationManagerBuilder(objectPostProcessor);
    this.ticketValidator = ticketValidator;
    this.serviceProperties = serviceProperties;
    this.authenticationEntryPoint = authenticationEntryPoint;
    this.casSecurityProperties = casSecurityProperties;
    this.securityProperties = securityProperties;
    this.configurers = configurers;
}
/**
 * Creates the default CAS security configurer; all arguments are stored as given.
 *
 * @param securityProperties Boot security settings
 * @param casSecurityProperties CAS-specific settings
 * @param userDetailsService maps a validated CAS assertion to user details
 * @param authenticationDetailsSource supplies service authentication details per request
 * @param proxyGrantingTicketStorage storage for proxy-granting tickets
 */
public DefaultCasSecurityConfigurerAdapter(SecurityProperties securityProperties,
        CasSecurityProperties casSecurityProperties,
        AbstractCasAssertionUserDetailsService userDetailsService,
        ServiceAuthenticationDetailsSource authenticationDetailsSource,
        ProxyGrantingTicketStorage proxyGrantingTicketStorage) {
    this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
    this.authenticationDetailsSource = authenticationDetailsSource;
    this.userDetailsService = userDetailsService;
    this.casSecurityProperties = casSecurityProperties;
    this.securityProperties = securityProperties;
}
/**
 * Creates the JWT-based security configuration; all collaborators are stored as given.
 *
 * @param security Boot security settings
 * @param jwtSecurityProperties JWT-specific settings
 * @param passwordEncoder encoder used for credential checks
 * @param userDetailsService loads users for authentication
 * @param tokenProvider issues and validates JWTs
 */
public SecurityConfiguration(SecurityProperties security,
        JwtSecurityProperties jwtSecurityProperties,
        PasswordEncoder passwordEncoder,
        UserDetailsService userDetailsService,
        TokenProvider tokenProvider) {
    this.tokenProvider = tokenProvider;
    this.userDetailsService = userDetailsService;
    this.passwordEncoder = passwordEncoder;
    this.jwtSecurityProperties = jwtSecurityProperties;
    this.security = security;
}
/**
 * Checks that the JWT auto-configuration registers every expected bean.
 *
 * <p>Each {@code getBean} lookup throws {@code NoSuchBeanDefinitionException} when the bean is
 * absent, which is what fails the test; no explicit assertion is needed.
 */
@Test
public void registerJwtAutoConfiguration() {
    this.context.register(SecurityProperties.class);
    this.context.register(JwtAutoConfiguration.class);
    this.context.refresh();
    Class<?>[] expectedBeanTypes = {
        TokenProvider.class,
        PasswordEncoder.class,
        UserDetailsService.class,
        SecurityEvaluationContextExtension.class,
        WebSecurityConfigurerAdapter.class
    };
    for (Class<?> beanType : expectedBeanTypes) {
        this.context.getBean(beanType);
    }
}
/**
 * Expects no {@link WebSecurityConfigurerAdapter} in the context when
 * {@code com.github.cobrijani.jwt.enabled} is set to {@code false}.
 *
 * <p>NOTE(review): {@code @Test(expected = ...)} accepts the exception from any statement in
 * the method, so a {@code NoSuchBeanDefinitionException} thrown by {@code refresh()} would also
 * pass this test; only the final lookup is meant to throw.
 */
@Test(expected = NoSuchBeanDefinitionException.class)
public void propertyAutoSecurityDisabled() {
    // The property must be in place before the context is refreshed.
    EnvironmentTestUtils.addEnvironment(this.context, "com.github.cobrijani.jwt.enabled:false");
    this.context.register(SecurityProperties.class);
    this.context.register(JwtAutoConfiguration.class);
    this.context.refresh();
    // Expected to throw: the adapter must not have been registered.
    this.context.getBean(WebSecurityConfigurerAdapter.class);
}
/**
 * Security rules for the SSO-backed web application.
 *
 * <p>Each configurer is applied as its own statement; this is equivalent to the
 * {@code .and()}-chained form because every call configures the same {@link HttpSecurity}.
 *
 * <p>NOTE(review): Spring Security orders {@code WebSecurityConfigurerAdapter}s by the
 * class-level {@code @Order}; the method-level annotation here is not consulted for that —
 * confirm the class is annotated as well.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected void configure(HttpSecurity http) throws Exception {
    http.formLogin();
    // Landing page, login entry points and static assets are public; everything else
    // requires an authenticated session.
    http.antMatcher("/**").authorizeRequests()
        .antMatchers("/", "/login**", "/img/**", "/webjars/**").permitAll()
        .anyRequest().authenticated();
    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"));
    http.logout().logoutSuccessUrl("/").permitAll();
    // The CSRF cookie is deliberately readable by JavaScript so browser-side code can copy
    // it into a request header (double-submit pattern); it is not a session secret.
    http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    // ssoFilter() is a sibling method of this class.
    http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
/**
 * Resource-server rules for the consent-management (PCM) service.
 *
 * <p>Only bearer tokens carrying {@code RESOURCE_ID} are accepted. Rules are evaluated
 * top-down and the first match wins, which is why the {@code signConsent}/{@code revokeConsent}
 * matchers sit above the broader {@code /patients/consents/**} ones. Anything unmatched is
 * denied.
 *
 * @param securityProperties Boot security settings; {@link SecurityProperties#isRequireSsl()}
 *     decides whether HTTPS is demanded for every request
 * @return the configurer picked up by the resource-server auto-configuration
 */
@Bean
public ResourceServerConfigurer resourceServer(SecurityProperties securityProperties) {
    return new ResourceServerConfigurerAdapter() {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            // Resource id that accepted tokens must have been issued for.
            resources.resourceId(RESOURCE_ID);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            requireSecureChannelIfConfigured(http);
            http.authorizeRequests()
                .antMatchers(HttpMethod.GET, "/management/**")
                    .access(hasScope("pcm.management"))
                .antMatchers(HttpMethod.POST, "/management/**")
                    .access(hasScope("pcm.management"))
                // FIXME (#27): Change following method to protect new attest consent endpoint
                // (signing a consent is a state change exposed over GET; see the issue above)
                .antMatchers(HttpMethod.GET, "/patients/consents/signConsent/**")
                    .access(hasScope("pcm.consent_sign"))
                // FIXME (#28): Change following method to protect new attest consent revocation endpoint
                .antMatchers(HttpMethod.GET, "/patients/consents/revokeConsent/**")
                    .access(hasScope("pcm.consent_revoke"))
                .antMatchers(HttpMethod.GET, "/patients/providers/**")
                    .access(hasScope("pcm.provider_read"))
                .antMatchers(HttpMethod.POST, "/patients/providers/**")
                    .access(hasScope("pcm.provider_create"))
                .antMatchers(HttpMethod.DELETE, "/patients/providers/**")
                    .access(hasScope("pcm.provider_delete"))
                .antMatchers(HttpMethod.GET, "/patients/consents/**")
                    .access(hasScope("pcm.consent_read"))
                .antMatchers(HttpMethod.POST, "/patients/consents/**")
                    .access(hasScope("pcm.consent_create"))
                .antMatchers(HttpMethod.PUT, "/patients/consents/**")
                    .access(hasScope("pcm.consent_update"))
                .antMatchers(HttpMethod.DELETE, "/patients/consents/**")
                    .access(hasScope("pcm.consent_delete"))
                .antMatchers(HttpMethod.GET, "/patients/activities/**")
                    .access(hasScope("pcm.activity_read"))
                .antMatchers(HttpMethod.GET, "/patients/clinicaldocuments/**")
                    .access(hasScope("pcm.clinicalDocument_read"))
                .antMatchers(HttpMethod.POST, "/patients/clinicaldocuments/**")
                    .access(hasScope("pcm.clinicalDocument_create"))
                .antMatchers(HttpMethod.DELETE, "/patients/clinicaldocuments/**")
                    .access(hasScope("pcm.clinicalDocument_delete"))
                // OPTIONS stays open everywhere, presumably for CORS pre-flight requests.
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                // Reference data: any valid token suffices, no particular scope.
                .antMatchers(HttpMethod.GET, "/patients/purposeOfUse", "/patients/medicalSection", "/patients/sensitivityPolicy")
                    .authenticated()
                // TODO (#29)(BU): remove this permission after VSS is separated
                // NOTE(review): until then the lookup service is reachable without any token.
                .antMatchers(HttpMethod.GET, "/lookupService/**").permitAll()
                .antMatchers(HttpMethod.POST, "/lookupService/**").permitAll()
                // Default-deny for anything not listed above.
                .anyRequest().denyAll();
        }

        /** Demands HTTPS for every request when {@code SecurityProperties#isRequireSsl()} is true. */
        private void requireSecureChannelIfConfigured(HttpSecurity http) throws Exception {
            if (securityProperties.isRequireSsl()) {
                http.requiresChannel().anyRequest().requiresSecure();
            }
        }
    };
}
/**
 * Creates the management-endpoint security adapter.
 *
 * <p>The context resolver is optional: {@code getIfAvailable()} yields {@code null} when no
 * such bean exists, and that {@code null} is stored as-is.
 *
 * @param security Boot security settings
 * @param management management-server settings
 * @param contextResolverProvider lazy provider for the (optional) management context resolver
 */
public ManagementWebSecurityConfigurerAdapter(SecurityProperties security,
        ManagementServerProperties management,
        ObjectProvider<ManagementContextResolver> contextResolverProvider) {
    ManagementContextResolver resolverOrNull = contextResolverProvider.getIfAvailable();
    this.contextResolver = resolverOrNull;
    this.management = management;
    this.security = security;
}
/**
 * Registers the OAuth2 client-context filter ahead of the Spring Security filter chain.
 *
 * <p>A lower order value runs earlier; {@code -10} places the filter just before the security
 * chain whose order comes from {@link SecurityProperties#getFilterOrder()}. The raw
 * {@code FilterRegistrationBean} matches the pre-2.0 Boot API used here.
 *
 * @param filter the auto-configured client-context filter
 * @param security Boot security settings supplying the security filter order
 * @return the registration with filter and order set
 */
@Bean
public FilterRegistrationBean oauth2ClientFilterRegistration(
        OAuth2ClientContextFilter filter, SecurityProperties security) {
    // Constructor form of setFilter(filter); no servlet registrations are attached.
    FilterRegistrationBean registration = new FilterRegistrationBean(filter);
    int securityChainOrder = security.getFilterOrder();
    registration.setOrder(securityChainOrder - 10);
    return registration;
}
/**
 * Returns the filter-chain order for the SSO configurer.
 *
 * <p>An explicitly configured {@code sso.filterOrder} always wins. Otherwise the order is
 * {@code ACCESS_OVERRIDE_ORDER}, lowered by 5 when the actuator's
 * {@code ManagementServerProperties} is on the classpath.
 *
 * @return the resolved order value
 */
@Override
public int getOrder() {
    Integer configuredOrder = this.sso.getFilterOrder();
    if (configuredOrder != null) {
        return configuredOrder;
    }
    boolean actuatorOnClasspath = ClassUtils.isPresent(
            "org.springframework.boot.actuate.autoconfigure.ManagementServerProperties", null);
    // If > BASIC_AUTH_ORDER then the existing rules for the actuator endpoints
    // would take precedence; ACCESS_OVERRIDE_ORDER - 5 keeps this < BASIC_AUTH_ORDER.
    return actuatorOnClasspath
            ? SecurityProperties.ACCESS_OVERRIDE_ORDER - 5
            : SecurityProperties.ACCESS_OVERRIDE_ORDER;
}
/**
 * Resource-server rules for the patient health-record (PHR) service.
 *
 * <p>Only bearer tokens carrying {@code RESOURCE_ID} are accepted. Rules are evaluated
 * top-down and the first match wins, so a {@code /patients/&lt;id&gt;/...} path whose id
 * segment happens to equal an earlier literal segment is caught by the earlier rule.
 * Anything unmatched is denied.
 *
 * <p>Most rules spell the {@code #oauth2.hasScope('...')} expression inline while two use the
 * sibling {@code hasScopes(...)} helper; the literals are kept verbatim here.
 *
 * @param securityProperties Boot security settings; {@link SecurityProperties#isRequireSsl()}
 *     decides whether HTTPS is demanded for every request
 * @return the configurer picked up by the resource-server auto-configuration
 */
@Bean
public ResourceServerConfigurer resourceServer(SecurityProperties securityProperties) {
    return new ResourceServerConfigurerAdapter() {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            // Resource id that accepted tokens must have been issued for.
            resources.resourceId(RESOURCE_ID);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            requireSecureChannelIfConfigured(http);
            http.authorizeRequests()
                .antMatchers(HttpMethod.GET, "/patients/healthInformation/**")
                    .access("#oauth2.hasScope('phr.hie_read')")
                .antMatchers(HttpMethod.POST, "/patients/healthInformation/publish")
                    .access("#oauth2.hasScope('phr.hie_write')")
                .antMatchers(HttpMethod.GET, "/patients/pageNumber/**")
                    .access("#oauth2.hasScope('phr.allPatients_read')")
                .antMatchers(HttpMethod.GET, "/patients/patientDemographic/**")
                    .access("#oauth2.hasScope('phr.allPatients_read')")
                .antMatchers(HttpMethod.GET, "/patients/search/**")
                    .access("#oauth2.hasScope('phr.allPatients_read')")
                .antMatchers(HttpMethod.GET, "/patients/*/profile")
                    .access("#oauth2.hasScope('phr.allPatientProfiles_read')")
                .antMatchers(HttpMethod.GET, "/patients/*/patientIdentifier")
                    .access("#oauth2.hasScope('phr.allPatientProfiles_read')")
                // NOTE(review): "phr.AllPatients_write" is capitalised differently from the
                // "phr.allPatients_read" scope above — confirm the name matches the
                // authorization server exactly, otherwise PUT /patients/* can never succeed
                // through that scope.
                .antMatchers(HttpMethod.PUT, "/patients/*")
                    .access(hasScopes("phr.AllPatients_write", "phr.hie_write"))
                .antMatchers(HttpMethod.GET, "/patients")
                    .access("#oauth2.hasScope('phr.patient_read')")
                .antMatchers(HttpMethod.POST, "/patients")
                    .access(hasScopes("phr.hie_write", "registration.write"))
                .antMatchers(HttpMethod.GET, "/statecodes/**")
                    .access("#oauth2.hasScope('phr.patient_read')")
                .antMatchers(HttpMethod.GET, "/management/**")
                    .access("#oauth2.hasScope('phr.management')")
                .antMatchers(HttpMethod.POST, "/management/**")
                    .access("#oauth2.hasScope('phr.management')")
                // OPTIONS stays open everywhere, presumably for CORS pre-flight requests.
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                // Default-deny for anything not listed above.
                .anyRequest().denyAll();
        }

        /** Demands HTTPS for every request when {@code SecurityProperties#isRequireSsl()} is true. */
        private void requireSecureChannelIfConfigured(HttpSecurity http) throws Exception {
            if (securityProperties.isRequireSsl()) {
                http.requiresChannel().anyRequest().requiresSecure();
            }
        }
    };
}
/**
 * Registers a CORS filter on every URL, ordered just before the Spring Security chain.
 *
 * <p>NOTE(review): the configuration allows every origin, method and header AND
 * {@code allowCredentials=true}. With a wildcard origin that combination lets any web site
 * make credentialed (cookie/auth-header) cross-origin requests to this service; Spring 5.3+
 * rejects it at startup, older versions echo the caller's {@code Origin}. Restrict
 * {@code allowedOrigins} to an explicit list (or use {@code allowedOriginPatterns} on 5.3+)
 * before this reaches an environment with real users.
 *
 * @return the registration wrapping the configured {@link CorsFilter}
 */
@Bean
public FilterRegistrationBean corsFilterRegistration() {
    CorsConfiguration corsConfig = new CorsConfiguration();
    corsConfig.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL));
    corsConfig.setAllowedMethods(Collections.singletonList(CorsConfiguration.ALL));
    corsConfig.setAllowedHeaders(Collections.singletonList(CorsConfiguration.ALL));
    corsConfig.setAllowCredentials(true);

    // The same configuration is returned for every request.
    FilterRegistrationBean registration = new FilterRegistrationBean(new CorsFilter(request -> corsConfig));
    registration.setUrlPatterns(Collections.singleton("/*"));
    // One step before the security chain so pre-flight responses are produced before auth.
    registration.setOrder(SecurityProperties.DEFAULT_FILTER_ORDER - 1);
    return registration;
}
/**
 * Creates the DDI controller security adapter; all collaborators are stored as given.
 *
 * @param controllerManagement controller (device) management service
 * @param tenantConfigurationManagement per-tenant configuration access
 * @param tenantAware current-tenant accessor
 * @param ddiSecurityConfiguration DDI-specific security settings
 * @param springSecurityProperties Boot security settings
 * @param systemSecurityContext runs work with system privileges
 */
@Autowired
ControllerSecurityConfigurationAdapter(final ControllerManagement controllerManagement,
        final TenantConfigurationManagement tenantConfigurationManagement,
        final TenantAware tenantAware,
        final DdiSecurityProperties ddiSecurityConfiguration,
        final SecurityProperties springSecurityProperties,
        final SystemSecurityContext systemSecurityContext) {
    this.systemSecurityContext = systemSecurityContext;
    this.springSecurityProperties = springSecurityProperties;
    this.ddiSecurityConfiguration = ddiSecurityConfiguration;
    this.tenantAware = tenantAware;
    this.tenantConfigurationManagement = tenantConfigurationManagement;
    this.controllerManagement = controllerManagement;
}
/**
 * Creates the DDI download security adapter; all collaborators are stored as given.
 *
 * @param controllerManagement controller (device) management service
 * @param tenantConfigurationManagement per-tenant configuration access
 * @param tenantAware current-tenant accessor
 * @param ddiSecurityConfiguration DDI-specific security settings
 * @param springSecurityProperties Boot security settings
 * @param systemSecurityContext runs work with system privileges
 */
@Autowired
ControllerDownloadSecurityConfigurationAdapter(final ControllerManagement controllerManagement,
        final TenantConfigurationManagement tenantConfigurationManagement,
        final TenantAware tenantAware,
        final DdiSecurityProperties ddiSecurityConfiguration,
        final SecurityProperties springSecurityProperties,
        final SystemSecurityContext systemSecurityContext) {
    this.systemSecurityContext = systemSecurityContext;
    this.springSecurityProperties = springSecurityProperties;
    this.ddiSecurityConfiguration = ddiSecurityConfiguration;
    this.tenantAware = tenantAware;
    this.tenantConfigurationManagement = tenantConfigurationManagement;
    this.controllerManagement = controllerManagement;
}
/**
 * Exposes the parent's URL security configurer as a bean at {@code ACCESS_OVERRIDE_ORDER},
 * unless the application already defines a {@link DefaultUrlSecurityConfigurer}.
 *
 * <p>{@code @Autowired} is redundant on a {@code @Bean} method (its parameters are injected
 * regardless) but harmless, so it is left in place.
 *
 * @param accessDecisionManager the decision manager handed to the parent factory
 * @return the configurer created by the superclass
 */
@Bean
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
@ConditionalOnMissingBean(DefaultUrlSecurityConfigurer.class)
@Autowired
public DefaultUrlSecurityConfigurer defaultSecurityConfigurer(AccessDecisionManager accessDecisionManager) {
    DefaultUrlSecurityConfigurer configurer = super.defaultSecurityConfigurer(accessDecisionManager);
    return configurer;
}
/**
 * Creates the security configuration holding the Boot security settings.
 *
 * @param securityProperties Boot security settings, stored as given
 */
@Autowired
public SecurityConfiguration(SecurityProperties securityProperties) {
    final SecurityProperties settings = securityProperties;
    this.securityProperties = settings;
}
/**
 * Creates the controller with the Boot security settings it serves from.
 *
 * @param securityProperties Boot security settings, stored as given
 */
public SecurityController(SecurityProperties securityProperties) {
    final SecurityProperties settings = securityProperties;
    this.securityProperties = settings;
}
/**
 * Declares the {@link SecurityController} bean.
 *
 * @param securityProperties Boot security settings injected into the controller
 * @return a new controller instance
 */
@Bean
public SecurityController securityController(SecurityProperties securityProperties) {
    SecurityController controller = new SecurityController(securityProperties);
    return controller;
}
/**
 * Provides a default {@link SecurityProperties} bean.
 *
 * <p>Only created when Spring Security's {@code @EnableWebSecurity} is on the classpath
 * (looked up by name so the class need not be present at compile time) and no other
 * {@code SecurityProperties} bean exists.
 *
 * @return a fresh, default-valued settings object
 */
@Bean
@ConditionalOnMissingBean
@ConditionalOnClass(name = "org.springframework.security.config.annotation.web.configuration.EnableWebSecurity")
public SecurityProperties securityProperties() {
    SecurityProperties defaults = new SecurityProperties();
    return defaults;
}
/**
 * Creates the management security properties configuration.
 *
 * <p>Both collaborators are optional: {@code getIfAvailable()} yields {@code null} when the
 * corresponding bean is absent, and that {@code null} is stored as-is.
 *
 * @param securityProvider lazy provider for the Boot security settings
 * @param managementProvider lazy provider for the management-server settings
 */
public ManagementSecurityPropertiesConfiguration(
        ObjectProvider<SecurityProperties> securityProvider,
        ObjectProvider<ManagementServerProperties> managementProvider) {
    ManagementServerProperties managementOrNull = managementProvider.getIfAvailable();
    SecurityProperties securityOrNull = securityProvider.getIfAvailable();
    this.management = managementOrNull;
    this.security = securityOrNull;
}
/**
 * Provides {@link SecurityProperties} with the basic-auth path cleared.
 *
 * <p>The path is set to the empty string so that the home page is unsecured (author's
 * intent as recorded in the original comment).
 *
 * @return the customised settings object
 */
@Bean
public SecurityProperties securityProperties() {
    final SecurityProperties settings = new SecurityProperties();
    // empty so home page is unsecured
    settings.getBasic().setPath("");
    return settings;
}
/**
 * Provides {@link SecurityProperties} with the basic-auth path cleared.
 *
 * <p>The path is set to the empty string so that the home page is unsecured (author's
 * intent as recorded in the original comment).
 *
 * @return the customised settings object
 */
@Bean
public SecurityProperties securityProperties() {
    final SecurityProperties settings = new SecurityProperties();
    // empty so home page is unsecured
    settings.getBasic().setPath("");
    return settings;
}
/**
 * Exposes the parent's method security configurer as a bean at {@code ACCESS_OVERRIDE_ORDER},
 * unless the application already defines a {@link DefaultMethodSecurityConfigurer}.
 *
 * @return the configurer created by the superclass
 */
@Bean
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
@ConditionalOnMissingBean(DefaultMethodSecurityConfigurer.class)
public DefaultMethodSecurityConfigurer defaultSecurityConfigurer() {
    DefaultMethodSecurityConfigurer configurer = super.defaultSecurityConfigurer();
    return configurer;
}