19 package org.apache.syncope.client.console;
20
21 import org.apache.syncope.common.lib.types.IdRepoEntitlement;
22 import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
23 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
24 import org.springframework.context.annotation.Bean;
25 import org.springframework.context.annotation.Configuration;
26 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
27 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
28 import org.springframework.security.core.userdetails.User;
29 import org.springframework.security.core.userdetails.UserDetails;
30 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
31 import org.springframework.security.web.SecurityFilterChain;
32
/**
 * Spring Security setup for the console's Spring Boot Actuator endpoints.
 *
 * <p>Contributes two beans: a filter chain that demands authentication for actuator endpoints via
 * HTTP Basic, and an in-memory user store holding the single account built from
 * {@link ConsoleProperties}. Both are annotated {@code @ConditionalOnMissingBean}, so a deployment
 * can replace either one by declaring its own bean of the same type.
 */
@EnableWebSecurity
@Configuration(proxyBeanMethods = false)
public class SecurityConfig {

    /**
     * Builds the filter chain that guards the actuator endpoints.
     *
     * @param http the {@link HttpSecurity} builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if the builder fails while assembling the chain
     */
    @ConditionalOnMissingBean
    @Bean
    public SecurityFilterChain actuatorFilterChain(final HttpSecurity http) throws Exception {
        // CSRF protection is switched off for everything this chain handles.
        // NOTE(review): no securityMatcher is set in this method, so the chain does not look
        // restricted to actuator paths; confirm that disabling CSRF here is intended for the
        // other requests it may serve.
        http.csrf().disable();

        // Only actuator endpoints get an authorization rule; any other request has none in this
        // method. NOTE(review): confirm those requests are protected elsewhere.
        http.authorizeRequests()
                .requestMatchers(EndpointRequest.toAnyEndpoint())
                .authenticated();

        // HTTP Basic transmits the credentials with each request, so these endpoints should only
        // be reachable over TLS.
        http.httpBasic();

        return http.build();
    }

    /**
     * Creates the in-memory user store used to authenticate actuator requests.
     *
     * <p>The only account takes its name from {@link ConsoleProperties#getAnonymousUser()} and its
     * password from {@link ConsoleProperties#getAnonymousKey()}, with the
     * {@link IdRepoEntitlement#ANONYMOUS} role.
     *
     * @param props console properties providing the anonymous user name and key
     * @return a user details manager containing that single account
     */
    @ConditionalOnMissingBean
    @Bean
    public InMemoryUserDetailsManager actuatorUserDetailsService(final ConsoleProperties props) {
        User.UserBuilder account = User.withUsername(props.getAnonymousUser());

        // The "{noop}" prefix selects the no-op password encoder: the anonymous key is kept and
        // compared as plain text, never hashed. Treat the key as a secret wherever it is
        // configured and keep it out of logs.
        account.password("{noop}" + props.getAnonymousKey());
        account.roles(IdRepoEntitlement.ANONYMOUS);

        UserDetails actuatorUser = account.build();
        return new InMemoryUserDetailsManager(actuatorUser);
    }
}