Summary Table
Categories |
Total Count |
PII |
0 |
URL |
0 |
DNS |
1 |
EKL |
0 |
IP |
0 |
PORT |
0 |
VsID |
0 |
CF |
0 |
AI |
0 |
VPD |
0 |
PL |
0 |
Other |
0 |
File Content
package gov.va.med.ars.configuration.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
/**
 * Resource-server side of the OAuth2 setup: declares which resource id this
 * application answers to, which {@link TokenStore} is used to resolve incoming
 * access tokens, and which roles may reach each branch of {@code /api/**}.
 *
 * <p>Authorization rules are evaluated in declaration order and the first
 * matching pattern decides, so the specific prefixes must stay ahead of the
 * {@code anyRequest()} fallback.
 *
 * @author DNS
 */
@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /** Resource id this server registers via {@code resourceId(...)}. */
    private static final String RESOURCE_ID = "SPRING_REST_API";

    /** Store used to look up and validate presented access tokens. */
    @Autowired
    private TokenStore tokenStore;

    // NOTE(review): injected but never referenced in this class; presumably the
    // TokenStore bean already wraps it. Confirm before removing the field.
    @Autowired
    JwtAccessTokenConverter tokenConverter;

    /**
     * Binds the resource id and the token store to the resource server.
     *
     * @param resources configurer supplied by Spring Security OAuth2
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources
            .resourceId(RESOURCE_ID)
            .tokenStore(tokenStore);
    }

    /**
     * Declares the filter chain for {@code /api/**}.
     *
     * <ul>
     *   <li>{@code /api/admin/**} requires role ADMIN</li>
     *   <li>{@code /api/v1/**} requires role USER or ADMIN</li>
     *   <li>{@code /api/ca/**} requires role ECAMS</li>
     *   <li>every other path under {@code /api/**} requires an authenticated caller</li>
     * </ul>
     *
     * @param http the security builder for this resource server
     * @throws Exception propagated from the Spring Security builder chain
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            // CSRF protection is off for the whole chain. That is the usual choice
            // when credentials travel only in an Authorization bearer header.
            // NOTE(review): HTTP Basic is also enabled below, and browsers re-send
            // cached Basic credentials automatically; confirm no browser client
            // authenticates to /api/** that way.
            .csrf().disable()
            // Scope this chain to the API; other paths are handled elsewhere.
            .requestMatchers()
                .antMatchers("/api/**")
                .and()
            .authorizeRequests()
                .antMatchers("/api/admin/**")
                    .hasRole("ADMIN")
                .antMatchers("/api/v1/**")
                    .access("hasRole('USER') or hasRole('ADMIN')")
                .antMatchers("/api/ca/**")
                    .access("hasRole('ECAMS')")
                // Fallback: anything under /api/** not matched above still needs
                // an authenticated caller, so new endpoints are not open by default.
                .anyRequest()
                    .authenticated()
                .and()
            .exceptionHandling()
                .accessDeniedHandler(new OAuth2AccessDeniedHandler())
                .and()
            // NOTE(review): confirm Basic authentication is really meant to be
            // accepted on a bearer-token resource server.
            .httpBasic()
                .and()
            // NOTE(review): this switches off every default Spring Security response
            // header (Cache-Control, X-Content-Type-Options, X-Frame-Options, HSTS).
            // Keep it only if a gateway or proxy in front of the service sets them;
            // otherwise authenticated API responses may be cached or MIME-sniffed.
            .headers().disable();
    }
}