2 * Copyright © 2017-2018 AT&T Intellectual Property.
\r
4 * Licensed under the Apache License, Version 2.0 (the "License");
\r
5 * you may not use this file except in compliance with the License.
\r
6 * You may obtain a copy of the License at
\r
8 * http://www.apache.org/licenses/LICENSE-2.0
\r
10 * Unless required by applicable law or agreed to in writing, software
\r
11 * distributed under the License is distributed on an "AS IS" BASIS,
\r
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
13 * See the License for the specific language governing permissions and
\r
14 * limitations under the License.
\r
17 package org.onap.ccsdk.apps.controllerblueprints.security;
\r
19 import com.att.eelf.configuration.EELFLogger;
\r
20 import com.att.eelf.configuration.EELFManager;
\r
21 import org.springframework.beans.factory.annotation.Value;
\r
22 import org.springframework.context.annotation.Bean;
\r
23 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
\r
24 import org.springframework.security.config.web.server.ServerHttpSecurity;
\r
25 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
\r
26 import org.springframework.security.core.userdetails.User;
\r
27 import org.springframework.security.core.userdetails.UserDetails;
\r
28 import org.springframework.security.web.server.SecurityWebFilterChain;
\r
30 @SuppressWarnings("unused")
\r
31 @EnableWebFluxSecurity
\r
32 public class ApplicationSecurityConfigurerAdapter {
\r
34 @Value("${basic-auth.user-name}")
\r
35 private String userName;
\r
37 @Value("${basic-auth.hashed-pwd}")
\r
38 private String userHashedPassword;
\r
40 private static EELFLogger log = EELFManager.getInstance().getLogger(ApplicationSecurityConfigurerAdapter.class);
\r
43 public SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
\r
45 http.csrf().disable();
\r
46 http.authorizeExchange()
\r
47 .pathMatchers("/webjars/**", "/actuator/**").permitAll()
\r
48 .anyExchange().authenticated()
\r
51 return http.build();
\r
55 public MapReactiveUserDetailsService userDetailsService() {
\r
56 User.UserBuilder userBuilder = User.builder();
\r
57 UserDetails defaultUser = userBuilder
\r
59 .password(userHashedPassword).roles("USER").build();
\r
60 return new MapReactiveUserDetailsService(defaultUser);
\r