ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java

   1 /*\r
   2  * Copyright © 2017-2018 AT&T Intellectual Property.\r
   3  *\r
   4  * Licensed under the Apache License, Version 2.0 (the "License");\r
   5  * you may not use this file except in compliance with the License.\r
   6  * You may obtain a copy of the License at\r
   7  *\r
   8  *     http://www.apache.org/licenses/LICENSE-2.0\r
   9  *\r
  10  * Unless required by applicable law or agreed to in writing, software\r
  11  * distributed under the License is distributed on an "AS IS" BASIS,\r
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
  13  * See the License for the specific language governing permissions and\r
  14  * limitations under the License.\r
  15  */\r
  16 \r
  17 package org.onap.ccsdk.apps.controllerblueprints.security;\r
  18 \r
  19 import com.att.eelf.configuration.EELFLogger;\r
  20 import com.att.eelf.configuration.EELFManager;\r
  21 import org.springframework.beans.factory.annotation.Value;\r
  22 import org.springframework.context.annotation.Bean;\r
  23 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;\r
  24 import org.springframework.security.config.web.server.ServerHttpSecurity;\r
  25 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;\r
  26 import org.springframework.security.core.userdetails.User;\r
  27 import org.springframework.security.core.userdetails.UserDetails;\r
  28 import org.springframework.security.web.server.SecurityWebFilterChain;\r
  29 \r
  30 @SuppressWarnings("unused")\r
  31 @EnableWebFluxSecurity\r
  32 public class ApplicationSecurityConfigurerAdapter {\r
  33 \r
  34     @Value("${basic-auth.user-name}")\r
  35     private String userName;\r
  36 \r
  37     @Value("${basic-auth.hashed-pwd}")\r
  38     private String userHashedPassword;\r
  39 \r
  40     private static EELFLogger log = EELFManager.getInstance().getLogger(ApplicationSecurityConfigurerAdapter.class);\r
  41 \r
  42     @Bean\r
  43     public SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {\r
  44 \r
  45         http.csrf().disable();\r
  46         http.authorizeExchange()\r
  47                 .pathMatchers("/webjars/**", "/actuator/**").permitAll()\r
  48                 .anyExchange().authenticated()\r
  49                 .and().httpBasic();\r
  50 \r
  51         return http.build();\r
  52     }\r
  53 \r
  54     @Bean\r
  55     public MapReactiveUserDetailsService userDetailsService() {\r
  56         User.UserBuilder userBuilder = User.builder();\r
  57         UserDetails defaultUser = userBuilder\r
  58                 .username(userName)\r
  59                 .password(userHashedPassword).roles("USER").build();\r
  60         return new MapReactiveUserDetailsService(defaultUser);\r
  61     }\r
  62 }