51 lines
1.9 KiB
Kotlin
51 lines
1.9 KiB
Kotlin
package ltd.hlaeja.configuration
|
|
|
|
import ltd.hlaeja.security.authorize.adminPaths
|
|
import ltd.hlaeja.security.authorize.publicPaths
|
|
import ltd.hlaeja.security.handler.CsrfAccessDeniedHandler
|
|
import ltd.hlaeja.security.handler.UserAccessDeniedHandler
|
|
import org.springframework.context.annotation.Bean
|
|
import org.springframework.context.annotation.Configuration
|
|
import org.springframework.http.HttpStatus.FOUND
|
|
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
|
|
import org.springframework.security.config.web.server.ServerHttpSecurity
|
|
import org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
|
|
import org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
|
|
import org.springframework.security.web.server.SecurityWebFilterChain
|
|
|
|
@Configuration
|
|
@EnableWebFluxSecurity
|
|
class SecurityConfiguration {
|
|
|
|
@Bean
|
|
fun securityWebFilterChain(
|
|
serverHttpSecurity: ServerHttpSecurity,
|
|
): SecurityWebFilterChain = serverHttpSecurity
|
|
.csrf { it.accessDeniedHandler(CsrfAccessDeniedHandler()) }
|
|
.exceptionHandling { it.accessDeniedHandler(UserAccessDeniedHandler()) }
|
|
.authorizeExchange(::authorizeExchange)
|
|
.formLogin(::formLogin)
|
|
.logout(::logout)
|
|
.build()
|
|
|
|
private fun authorizeExchange(
|
|
authorizeExchange: AuthorizeExchangeSpec,
|
|
) = authorizeExchange
|
|
.publicPaths().permitAll()
|
|
.adminPaths().hasRole("ADMIN")
|
|
.anyExchange().authenticated()
|
|
|
|
private fun logout(
|
|
logout: ServerHttpSecurity.LogoutSpec,
|
|
) = logout.logoutUrl("/logout")
|
|
.logoutSuccessHandler { webFilter, _ ->
|
|
webFilter.exchange.response.headers.add("Location", "/logout")
|
|
webFilter.exchange.response.statusCode = FOUND
|
|
webFilter.exchange.response.setComplete()
|
|
}
|
|
|
|
private fun formLogin(
|
|
login: FormLoginSpec,
|
|
) = login.loginPage("/login")
|
|
}
|