| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
- /*
- * Copyright The OpenTelemetry Authors
- * SPDX-License-Identifier: Apache-2.0
- */
- import boot.SavingAuthenticationProvider
- import org.springframework.context.annotation.Bean
- import org.springframework.context.annotation.Configuration
- import org.springframework.core.annotation.Order
- import org.springframework.security.config.annotation.web.builders.HttpSecurity
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
- import org.springframework.security.web.SecurityFilterChain
- @Configuration
- @EnableWebSecurity
- class SecurityConfig {
- @Bean
- SavingAuthenticationProvider savingAuthenticationProvider() {
- return new SavingAuthenticationProvider()
- }
- /**
- * Following configuration is required for unauthorised call tests (form would redirect, we need 401)
- */
- @Bean
- @Order(1)
- SecurityFilterChain apiWebSecurity(HttpSecurity http, SavingAuthenticationProvider savingAuthenticationProvider) {
- return http
- .csrf().disable()
- .securityMatcher("/basicsecured/**")
- .authorizeHttpRequests()
- .requestMatchers("/basicsecured/**").authenticated()
- .and()
- .httpBasic()
- .and()
- .authenticationProvider(savingAuthenticationProvider)
- .build()
- }
- /**
- * Following configuration is required in order to get form login, needed by password tests
- */
- @Bean
- SecurityFilterChain formLoginWebSecurity(HttpSecurity http, SavingAuthenticationProvider savingAuthenticationProvider) {
- return http
- .csrf().disable()
- .authorizeHttpRequests()
- .requestMatchers("/formsecured/**").authenticated()
- .anyRequest().permitAll()
- .and()
- .formLogin()
- .and()
- .authenticationProvider(savingAuthenticationProvider)
- .build()
- }
- }
|
