Konfiguracja inMemory za pomocą InMemoryUserDetailsManager

2fd20214 · Patryk Czarnik · d4e8327c · 2fd20214 · 2fd20214 · 2fd20214
Commit 2fd20214 authored May 24, 2023 by Patryk Czarnik
3 changed files
--- a/PC30-SklepSpring/src/main/java/sklep/security/SecurityConfig.java
+++ b/PC30-SklepSpring/src/main/java/sklep/security/SecurityConfig.java
 package sklep.security;

-import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.ObjectPostProcessor;
-import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;

 @Configuration
@@ -23,20 +22,28 @@ public class SecurityConfig {
 		return httpSecurity.build();
 	}
 	
+//	@Bean
+//	AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration, ApplicationContext applicationContext) throws Exception {
+//        ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() {
+//			public <O> O postProcess(O object) {
+//				return object;
+//			}
+//		};
+//		
+//		return authenticationConfiguration.authenticationManagerBuilder(objectPostProcessor, applicationContext)
+//				.inMemoryAuthentication()
+//				.withUser("ala").password("{noop}ala123").roles("manager", "worker").and()
+//				.withUser("ola").password("{noop}ola123").roles("worker").and()
+//			.and()
+//			.build();
+//	}
+	
 	@Bean
-	AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration, ApplicationContext applicationContext) throws Exception {
-        ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() {
-			public <O> O postProcess(O object) {
-				return object;
-			}
+	public InMemoryUserDetailsManager userDetailsService() {
+		UserDetails[] users = {
+				User.withUsername("ala").password("{noop}ala123").roles("manager", "worker").build(),
+				User.withUsername("ola").password("{noop}ola123").roles("worker").build(),
 		};
-		
-		return authenticationConfiguration.authenticationManagerBuilder(objectPostProcessor, applicationContext)
-				.inMemoryAuthentication()
-				.withUser("ala").password("{noop}ala123").roles("manager", "worker").and()
-				.withUser("ola").password("{noop}ola123").roles("worker").and()
-			.and()
-			.build();
+		return new InMemoryUserDetailsManager(users);
 	}
-	
 }
--- a/PC30-SklepSpring/src/main/java/sklep/security/nowy_config1_inmemory.txt
+++ b/PC30-SklepSpring/src/main/java/sklep/security/nowy_config1_inmemory.txt
+package sklep.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+	@Bean
+	SecurityFilterChain setHttpSecurity(HttpSecurity httpSecurity) throws Exception {
+		httpSecurity
+			.authorizeHttpRequests((authz) -> authz
+					.anyRequest().authenticated()
+				)
+			.formLogin();
+		return httpSecurity.build();
+	}
+	
+//	@Bean
+//	AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration, ApplicationContext applicationContext) throws Exception {
+//        ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() {
+//			public <O> O postProcess(O object) {
+//				return object;
+//			}
+//		};
+//		
+//		return authenticationConfiguration.authenticationManagerBuilder(objectPostProcessor, applicationContext)
+//				.inMemoryAuthentication()
+//				.withUser("ala").password("{noop}ala123").roles("manager", "worker").and()
+//				.withUser("ola").password("{noop}ola123").roles("worker").and()
+//			.and()
+//			.build();
+//	}
+	
+	@Bean
+	public InMemoryUserDetailsManager userDetailsService() {
+		UserDetails[] users = {
+				User.withUsername("ala").password("{noop}ala123").roles("manager", "worker").build(),
+				User.withUsername("ola").password("{noop}ola123").roles("worker").build(),
+		};
+		return new InMemoryUserDetailsManager(users);
+	}
+}
--- a/PC30-SklepSpring/src/main/java/sklep/security/sredni_config2.txt
+++ b/PC30-SklepSpring/src/main/java/sklep/security/sredni_config2.txt
+package sklep.security;
+
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.ObjectPostProcessor;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+	
+	@Bean
+	SecurityFilterChain setHttpSecurity(HttpSecurity httpSecurity) throws Exception {
+		httpSecurity
+			.authorizeHttpRequests((authz) -> authz
+					//.anyRequest().permitAll()
+//					.requestMatchers(antMatcher("/")).permitAll()
+//					.requestMatchers("/whoami").permitAll()
+//					.requestMatchers("/*.css").permitAll()
+//					.requestMatchers("/hello", "/time").permitAll()
+//					.requestMatchers("/alt?/**").authenticated() // zalogowany jako ktokolwiek
+//					.requestMatchers("/products/new", "/products/*/edit").hasAuthority("ROLE_manager")
+//					.requestMatchers("/products/**").permitAll()
+//					.requestMatchers("/customers/new", "/customers/*/edit").hasAuthority("ROLE_manager")
+//					.requestMatchers("/customers/**").authenticated()
+					.anyRequest().authenticated()
+//					.anyRequest().denyAll()
+				)
+			.formLogin();
+		return httpSecurity.build();
+	}
+
+//	@Bean
+//	public InMemoryUserDetailsManager userDetailsService() {
+//		UserDetails user = User.withUsername("ala").password("{noop}kot").roles("manager")
+//				.build();
+//		return new InMemoryUserDetailsManager(user);
+//	}
+	
+	@Bean
+	AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration, ApplicationContext applicationContext) throws Exception {
+        ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() {
+			public <O> O postProcess(O object) {
+				return object;
+			}
+		};
+		
+		return authenticationConfiguration.authenticationManagerBuilder(objectPostProcessor, applicationContext)
+				.inMemoryAuthentication()
+				.withUser("ala").password("{noop}abc123").roles("manager", "worker").and()
+				.withUser("ola").password("{noop}abc123").roles("worker").and()
+			.and()
+			.build();
+	}
+
+}