portal-BE/src/main/java/org/onap/portal/configuration/SecurityConfig.java

   1 package org.onap.portal.configuration;
   2
   3 import org.onap.portal.service.fn.FnUserService;
   4 import org.springframework.beans.factory.annotation.Autowired;
   5 import org.springframework.context.annotation.Configuration;
   6 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
   7 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
   8 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
   9 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  10 import org.springframework.security.crypto.password.PasswordEncoder;
  11
  12 @Configuration
  13 @EnableWebSecurity
  14 public class SecurityConfig extends WebSecurityConfigurerAdapter {
  15        @Autowired
  16        private FnUserService fnUserService;
  17
  18        @Override
  19        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  20               auth.userDetailsService(fnUserService)
  21                       .passwordEncoder(new PasswordEncoder() {
  22                              @Override
  23                              public String encode(CharSequence rawPassword) {
  24                                     return rawPassword.toString();
  25                              }
  26
  27                              @Override
  28                              public boolean matches(CharSequence rawPassword, String encodedPassword) {
  29                                     return true;
  30                              }
  31                       });
  32        }
  33
  34        @Override
  35        protected void configure(HttpSecurity http) throws Exception {
  36               http
  37                       .authorizeRequests()
  38                       .antMatchers("/static/img/**").permitAll()
  39                       .anyRequest().authenticated()
  40                       .and()
  41                       .formLogin()
  42                       .loginPage("/login")
  43                       .permitAll()
  44                       .and()
  45                       .logout()
  46                       .permitAll();
  47
  48               http.csrf().disable();
  49               http.headers().frameOptions().disable();
  50
  51        }
  52
  53
  54 }