19 package org.apache.syncope.client.enduser;
20
21 import org.apache.syncope.common.lib.types.IdRepoEntitlement;
22 import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
23 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
24 import org.springframework.context.annotation.Bean;
25 import org.springframework.context.annotation.Configuration;
26 import org.springframework.security.config.Customizer;
27 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
28 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
29 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
30 import org.springframework.security.core.userdetails.User;
31 import org.springframework.security.core.userdetails.UserDetails;
32 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
33 import org.springframework.security.web.SecurityFilterChain;
34 import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
35
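/**
 * Spring Security configuration for the Enduser application.
 *
 * <p>Contributes a filter chain that leaves every non-actuator request open and
 * requires HTTP Basic authentication for Spring Boot actuator endpoints, plus an
 * in-memory user store holding the single account allowed to reach them.
 *
 * <p>Both beans are {@code @ConditionalOnMissingBean}, so a deployment that
 * declares its own {@link SecurityFilterChain} or
 * {@link InMemoryUserDetailsManager} replaces the defaults defined here.
 */
@EnableWebSecurity
@Configuration(proxyBeanMethods = false)
public class SecurityConfig {

    /**
     * Builds the filter chain protecting the actuator endpoints.
     *
     * <p>No security matcher is set on {@code http}, so the rules below, including
     * the disabled CSRF protection, apply to every request this chain handles and
     * not only to actuator paths.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @ConditionalOnMissingBean
    @Bean
    public SecurityFilterChain actuatorFilterChain(final HttpSecurity http) throws Exception {
        EndpointRequest.EndpointRequestMatcher actuatorEndpoints = EndpointRequest.toAnyEndpoint();
        // Everything that is NOT an actuator endpoint is let through unauthenticated by
        // this chain; only actuator endpoints demand an authenticated caller. The rule
        // is authenticated(), not a role check, so any account known to the
        // UserDetailsService is sufficient.
        http.authorizeHttpRequests(customizer -> customizer.
                requestMatchers(new NegatedRequestMatcher(actuatorEndpoints)).permitAll().
                requestMatchers(actuatorEndpoints).authenticated());

        // HTTP Basic sends the credentials (base64-encoded, not encrypted) on every
        // request: actuator endpoints should only be exposed over TLS or on a
        // management interface that is not reachable from untrusted networks.
        http.httpBasic(Customizer.withDefaults());
        // Spring Security's CSRF protection is switched off for the whole chain.
        // NOTE(review): presumably the UI layer provides its own CSRF defence for
        // browser-facing pages; confirm, since nothing in this class does.
        http.csrf(AbstractHttpConfigurer::disable);

        return http.build();
    }

    /**
     * Creates the in-memory user store with the one account accepted on actuator
     * endpoints, taken from the anonymous user and key in {@link EnduserProperties}.
     *
     * <p>The key is registered with the {@code {noop}} prefix, i.e. it is kept and
     * compared as plaintext rather than hashed. NOTE(review): this looks like the same
     * anonymous credential the application is configured with for other purposes, in
     * which case its disclosure also grants actuator access; confirm and treat the key
     * as a secret (restricted config file permissions, rotation).
     *
     * @param props Enduser configuration providing the anonymous user name and key
     * @return a user details manager containing only the anonymous user
     * @throws IllegalStateException if the anonymous key is missing or blank
     */
    @ConditionalOnMissingBean
    @Bean
    public InMemoryUserDetailsManager actuatorUserDetailsService(final EnduserProperties props) {
        String anonymousKey = props.getAnonymousKey();
        // Fail closed: without this guard an unset key is concatenated as the literal
        // text "null" and an empty key yields an empty password, either of which would
        // make the actuator credential trivially guessable.
        if (anonymousKey == null || anonymousKey.isBlank()) {
            throw new IllegalStateException(
                    "anonymousKey is not configured: refusing to create the actuator user");
        }

        UserDetails user = User.withUsername(props.getAnonymousUser()).
                password("{noop}" + anonymousKey).
                roles(IdRepoEntitlement.ANONYMOUS).
                build();
        return new InMemoryUserDetailsManager(user);
    }
}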