ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/cds/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java

   1 /*
   2  * Copyright © 2017-2018 AT&T Intellectual Property.
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 package org.onap.ccsdk.cds.controllerblueprints.security;
  18
  19 import com.att.eelf.configuration.EELFLogger;
  20 import com.att.eelf.configuration.EELFManager;
  21 import org.springframework.beans.factory.annotation.Value;
  22 import org.springframework.context.annotation.Bean;
  23 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
  24 import org.springframework.security.config.web.server.ServerHttpSecurity;
  25 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
  26 import org.springframework.security.core.userdetails.User;
  27 import org.springframework.security.core.userdetails.UserDetails;
  28 import org.springframework.security.web.server.SecurityWebFilterChain;
  29
  30 @SuppressWarnings("unused")
  31 @EnableWebFluxSecurity
  32 public class ApplicationSecurityConfigurerAdapter {
  33
  34     @Value("${basic-auth.user-name}")
  35     private String userName;
  36
  37     @Value("${basic-auth.hashed-pwd}")
  38     private String userHashedPassword;
  39
  40     private static EELFLogger log = EELFManager.getInstance().getLogger(ApplicationSecurityConfigurerAdapter.class);
  41
  42     @Bean
  43     public SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
  44
  45         http.csrf().disable();
  46         http.authorizeExchange()
  47                 .pathMatchers("/webjars/**", "/actuator/**").permitAll()
  48                 .anyExchange().authenticated()
  49                 .and().httpBasic();
  50
  51         return http.build();
  52     }
  53
  54     @Bean
  55     public MapReactiveUserDetailsService userDetailsService() {
  56         User.UserBuilder userBuilder = User.builder();
  57         UserDetails defaultUser = userBuilder
  58                 .username(userName)
  59                 .password(userHashedPassword).roles("USER").build();
  60         return new MapReactiveUserDetailsService(defaultUser);
  61     }
  62 }