package unicon.matthews.security.config;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import com.fasterxml.jackson.databind.ObjectMapper;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import unicon.matthews.admin.AdminUserAuthenticationProvider;
import unicon.matthews.admin.AdminUserProcessingFilter;
import unicon.matthews.security.RestAuthenticationEntryPoint;
import unicon.matthews.security.auth.ajax.AjaxAuthenticationProvider;
import unicon.matthews.security.auth.ajax.AjaxLoginProcessingFilter;
import unicon.matthews.security.auth.jwt.JwtAuthenticationProvider;
import unicon.matthews.security.auth.jwt.JwtTokenAuthenticationProcessingFilter;
import unicon.matthews.security.auth.jwt.SkipPathRequestMatcher;
import unicon.matthews.security.auth.jwt.extractor.TokenExtractor;
import unicon.matthews.xapi.endpoint.XAPIHeaderFilter;
import unicon.matthews.xapi.endpoint.XAPIRequestValidationFilter;

/**
 * WebSecurityConfig
 *
 * @author vladimir.stankovic
 *
 * Aug 3, 2016
 */
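@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    /** Name of the HTTP header carrying the JWT. Not read in this class; presumably used by the token extractor. */
    public static final String JWT_TOKEN_HEADER_PARAM = "Authorization";
    /** Admin-user login endpoint: permitted to everyone and excluded from JWT processing. */
    public static final String ADMIN_LOGIN_ENTRY_POINT = "/api/auth/adminuser/login";
    /** Regular (AJAX/JSON) login endpoint: permitted to everyone and excluded from JWT processing. */
    public static final String FORM_BASED_LOGIN_ENTRY_POINT = "/api/auth/login";
    /** xAPI statements endpoint: excluded from JWT processing; no authorization rule is declared for it here. */
    public static final String XAPI_ENTRY_POINT = "/xAPI/statements";
    /** Ant pattern covering every endpoint that requires an authenticated caller. */
    public static final String TOKEN_BASED_AUTH_ENTRY_POINT = "/api/**";
    /** Token refresh endpoint: permitted to everyone and excluded from JWT processing. */
    public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token";

    /** Servlet URL pattern both xAPI servlet filters are registered on. */
    private static final String XAPI_FILTER_URL_PATTERN = "/xAPI/*";

    @Autowired private RestAuthenticationEntryPoint authenticationEntryPoint;
    @Autowired private AuthenticationSuccessHandler successHandler;
    @Autowired private AuthenticationFailureHandler failureHandler;
    @Autowired private AjaxAuthenticationProvider ajaxAuthenticationProvider;
    @Autowired private AdminUserAuthenticationProvider adminUserAuthenticationProvider;
    @Autowired private JwtAuthenticationProvider jwtAuthenticationProvider;

    @Autowired private TokenExtractor tokenExtractor;

    // Presumably satisfied by authenticationManagerBean() below, which exposes the adapter's manager as a bean.
    @Autowired private AuthenticationManager authenticationManager;

    @Autowired private ObjectMapper objectMapper;

    @Autowired private XAPIRequestValidationFilter xAPIRequestValidationFilter;
    @Autowired private XAPIHeaderFilter xAPIHeaderFilter;

    /**
     * Builds the admin-user login filter bound to {@link #ADMIN_LOGIN_ENTRY_POINT}.
     *
     * <p>NOTE(review): unlike the AJAX and JWT filters, this one is never added to the chain in
     * {@link #configure(HttpSecurity)}. Being a {@code Filter} bean it is presumably registered with the
     * servlet container by Spring Boot instead, i.e. it runs outside the Spring Security filter chain —
     * confirm that this is intended.
     *
     * @return the filter, wired to the shared {@link AuthenticationManager}
     * @throws Exception if filter construction fails (kept from the original signature)
     */
    @Bean
    protected AdminUserProcessingFilter buildAdminUserLoginProcessingFilter() throws Exception {
        AdminUserProcessingFilter filter =
            new AdminUserProcessingFilter(ADMIN_LOGIN_ENTRY_POINT, successHandler, failureHandler, objectMapper);
        filter.setAuthenticationManager(this.authenticationManager);
        return filter;
    }

    /**
     * Builds the AJAX/JSON login filter bound to {@link #FORM_BASED_LOGIN_ENTRY_POINT}.
     *
     * <p>NOTE(review): this method is both a {@code @Bean} and called from {@link #configure(HttpSecurity)}
     * via {@code addFilterBefore}. Spring Boot auto-registers {@code Filter} beans with the servlet
     * container, so the same instance likely runs a second time outside the security chain. The usual
     * mitigation is a {@code FilterRegistrationBean} for it with {@code setEnabled(false)}; the same
     * applies to {@link #buildJwtTokenAuthenticationProcessingFilter()}.
     *
     * @return the filter, wired to the shared {@link AuthenticationManager}
     * @throws Exception if filter construction fails (kept from the original signature)
     */
    @Bean
    protected AjaxLoginProcessingFilter buildAjaxLoginProcessingFilter() throws Exception {
        AjaxLoginProcessingFilter filter =
            new AjaxLoginProcessingFilter(FORM_BASED_LOGIN_ENTRY_POINT, successHandler, failureHandler, objectMapper);
        filter.setAuthenticationManager(this.authenticationManager);
        return filter;
    }

    /**
     * Builds the JWT-validating filter for {@link #TOKEN_BASED_AUTH_ENTRY_POINT}.
     *
     * <p>The login, token-refresh and xAPI paths are handed to {@link SkipPathRequestMatcher}, which is
     * presumably meant to exempt them from token processing. Note that {@link #TOKEN_REFRESH_ENTRY_POINT}
     * is therefore both unauthenticated here and {@code permitAll} in {@link #configure(HttpSecurity)}:
     * whatever serves it must validate the refresh token itself — verify that it does.
     *
     * @return the filter, wired to the shared {@link AuthenticationManager}
     * @throws Exception if filter construction fails (kept from the original signature)
     */
    @Bean
    protected JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter() throws Exception {
        List<String> pathsToSkip = Arrays.asList(
            TOKEN_REFRESH_ENTRY_POINT, FORM_BASED_LOGIN_ENTRY_POINT, XAPI_ENTRY_POINT, ADMIN_LOGIN_ENTRY_POINT);
        SkipPathRequestMatcher matcher = new SkipPathRequestMatcher(pathsToSkip, TOKEN_BASED_AUTH_ENTRY_POINT);
        JwtTokenAuthenticationProcessingFilter filter =
            new JwtTokenAuthenticationProcessingFilter(failureHandler, tokenExtractor, matcher);
        filter.setAuthenticationManager(this.authenticationManager);
        return filter;
    }

    /**
     * Registers the xAPI request-validation servlet filter on {@link #XAPI_FILTER_URL_PATTERN} at order 3,
     * so it runs before {@link #xAPIHeaderFilterBean()}.
     *
     * @return the servlet filter registration
     */
    @Bean
    public FilterRegistrationBean xAPIValidationFilterBean() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(xAPIRequestValidationFilter);
        return bindToXApiPaths(registrationBean, 3);
    }

    /**
     * Registers the xAPI header servlet filter on {@link #XAPI_FILTER_URL_PATTERN} at order 4.
     *
     * @return the servlet filter registration
     */
    @Bean
    public FilterRegistrationBean xAPIHeaderFilterBean() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(xAPIHeaderFilter);
        return bindToXApiPaths(registrationBean, 4);
    }

    /** Applies the shared xAPI URL pattern and the given filter order to {@code registrationBean}. */
    private static FilterRegistrationBean bindToXApiPaths(FilterRegistrationBean registrationBean, int order) {
        registrationBean.setUrlPatterns(Collections.singletonList(XAPI_FILTER_URL_PATTERN));
        registrationBean.setOrder(order);
        return registrationBean;
    }

    /**
     * Exposes the adapter's {@link AuthenticationManager} as a bean so it can be injected elsewhere.
     *
     * @return the manager built from {@link #configure(AuthenticationManagerBuilder)}
     * @throws Exception propagated from the superclass
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Registers the three authentication providers. Providers are consulted in registration order:
     * admin user, then AJAX, then JWT.
     *
     * @param auth the builder supplied by Spring Security
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(adminUserAuthenticationProvider);
        auth.authenticationProvider(ajaxAuthenticationProvider);
        auth.authenticationProvider(jwtAuthenticationProvider);
    }

    /**
     * Password hashing for stored credentials: bcrypt with the encoder's default work factor.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    protected BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * HTTP security for a stateless, token-based API.
     *
     * <ul>
     *   <li>CSRF protection is disabled: with {@link SessionCreationPolicy#STATELESS} no session cookie is
     *       issued, so there is no ambient credential for a cross-site request to ride on.</li>
     *   <li>Authorization rules apply in declaration order, so the login and refresh endpoints are opened
     *       before the catch-all {@code /api/**} rule. Paths outside {@code /api/**} (e.g. the xAPI
     *       endpoints) get no rule here; presumably the xAPI servlet filters guard them — confirm.</li>
     *   <li>Both custom login filters are placed before {@link UsernamePasswordAuthenticationFilter}.</li>
     * </ul>
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception propagated from the builder and the filter factories
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable() // Stateless JWT API: no session cookie, so CSRF protection is not needed
            .exceptionHandling()
                .authenticationEntryPoint(this.authenticationEntryPoint)
            .and()
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                .antMatchers(ADMIN_LOGIN_ENTRY_POINT).permitAll()
                .antMatchers(FORM_BASED_LOGIN_ENTRY_POINT).permitAll() // Login end-point
                .antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token refresh end-point
                .antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated() // Protected API End-points
            .and()
            .addFilterBefore(buildAjaxLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}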