Summary Table

Categories Total Count
PII 0
URL 0
DNS 1
EKL 0
IP 0
PORT 0
VsID 0
CF 0
AI 0
VPD 0
PL 0
Other 0

File Content

package gov.va.med.ars.configuration.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

/**
 * OAuth2 resource-server configuration for the {@code /api/**} endpoints.
 *
 * <p>Registers this service under {@link #RESOURCE_ID}, resolves incoming access tokens through
 * the injected {@link TokenStore}, and applies role-based access rules per URL prefix.
 *
 * @author DNS
 */
@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /** Resource id this server is registered under; access tokens are expected to target it. */
    private static final String RESOURCE_ID = "SPRING_REST_API";

    /** Store used to look up and validate the bearer tokens presented to this server. */
    @Autowired
    private TokenStore tokenStore;

    // NOTE(review): injected but never read in this class; confirm whether it is still needed
    // (it is package-private, so another class in this package may rely on it).
    @Autowired
    JwtAccessTokenConverter tokenConverter;

    /**
     * Binds this resource server to {@link #RESOURCE_ID} and the shared token store.
     *
     * @param resources resource-server configurer supplied by Spring Security OAuth2
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID);
        resources.tokenStore(tokenStore);
    }

    /**
     * Limits this filter chain to {@code /api/**} and applies the per-prefix authorization rules.
     *
     * <p>Prefix rules, most specific first: {@code /api/admin/**} requires ADMIN,
     * {@code /api/v1/**} requires USER or ADMIN, {@code /api/ca/**} requires ECAMS, and every
     * other {@code /api/**} request merely has to be authenticated.
     *
     * @param http builder for this resource server's security filter chain
     * @throws Exception propagated from the {@link HttpSecurity} builder API
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // CSRF protection is off, which is the usual choice for a token-authenticated API that
        // carries no session cookie. NOTE(review): confirm no cookie-based session is in play.
        http.csrf().disable();

        // Only requests under /api/** are routed through this resource-server chain.
        http.requestMatchers().antMatchers("/api/**");

        http.authorizeRequests()
            .antMatchers("/api/admin/**").hasRole("ADMIN")
            .antMatchers("/api/v1/**").access("hasRole('USER') or hasRole('ADMIN')")
            .antMatchers("/api/ca/**").access("hasRole('ECAMS')")
            .anyRequest().authenticated();

        // Denied requests are answered by the OAuth2-specific handler (OAuth2 error body format).
        http.exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());

        // NOTE(review): HTTP Basic is enabled alongside bearer tokens on this resource server;
        // confirm this is intended, since it accepts credentials in the Authorization header.
        http.httpBasic();

        // NOTE(review): this disables Spring Security's default response hardening headers
        // (e.g. X-Content-Type-Options, X-Frame-Options, Cache-Control). Confirm an upstream
        // gateway adds them, otherwise consider re-enabling them here.
        http.headers().disable();
    }

}