Security - Neethahiremath/Wiki GitHub Wiki
Using basic security in code:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
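/**
 * Spring Security configuration that protects selected routes with HTTP Basic authentication
 * and a single in-memory {@code ADMIN} user.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated in Spring Security 5.7 and
 * removed in 6.x; newer code declares a {@code SecurityFilterChain} bean instead.
 */
@Configuration
@EnableWebSecurity
public class ServiceSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Declares which requests require the {@code ADMIN} role.
     *
     * <p>Rules, in order: GET under {@code /a/**} and {@code /b/**}; POST to any path ending in
     * {@code /c}; POST to any single-segment path; DELETE on every path.
     *
     * <p>NOTE(review): there is no trailing {@code anyRequest()} rule, so requests that match none
     * of the matchers (for example PUT/PATCH, GET outside {@code /a} and {@code /b}, or POST to a
     * nested path not ending in {@code /c}) are not restricted by this configuration. If that is
     * not intended, finish the chain with {@code .anyRequest().authenticated()} (or
     * {@code denyAll()}) so new endpoints are closed by default.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic()
            .and()
            .authorizeRequests()
                .antMatchers(HttpMethod.GET, "/a/**", "/b/**").hasAnyRole("ADMIN")
                .antMatchers(HttpMethod.POST, "/**/c").hasRole("ADMIN")
                .antMatchers(HttpMethod.POST, "/*").hasRole("ADMIN")
                .antMatchers(HttpMethod.DELETE).hasRole("ADMIN")
            .and()
            // NOTE(review): CSRF protection is switched off. Browsers replay cached Basic
            // credentials automatically, so this is only safe if no browser client ever
            // authenticates against these state-changing endpoints - confirm.
            .csrf().disable()
            .formLogin().disable();
        // HTTP Basic sends the credentials with every request; serve this API over TLS only.
    }

    /**
     * Registers the single in-memory {@code ADMIN} user.
     *
     * <p>The password is obtained by decrypting an embedded ciphertext. Startup is aborted when
     * decryption yields nothing: {@code decryptAES} returns {@code null} on failure, and
     * concatenating that onto {@code "{noop}"} would silently make the literal text
     * {@code "null"} the admin password.
     *
     * <p>NOTE(review): {@code {noop}} stores and compares the password in plain text, and a
     * ciphertext kept next to its key in source gives no confidentiality against anyone who can
     * read the code or the built artifact. Prefer loading a {@code {bcrypt}} hash (or the secret
     * itself) from external configuration or a secret store.
     *
     * @param auth the authentication builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     * @throws IllegalStateException if the admin password cannot be decrypted
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        String adminPassword = decryptAES("str to decrypt", "secret key");
        if (adminPassword == null || adminPassword.isEmpty()) {
            // Fail closed: never register an account with a guessable fallback password.
            throw new IllegalStateException(
                "Admin password could not be decrypted; refusing to configure authentication");
        }
        auth.inMemoryAuthentication()
            .withUser("username")
            .password("{noop}" + adminPassword)
            .roles("ADMIN");
    }
}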
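/**
 * Decrypts a Base64-encoded AES ciphertext with a key derived from {@code secret}.
 *
 * <p>The key is the first 16 bytes of the SHA-1 digest of the UTF-8 bytes of {@code secret};
 * the cipher is AES in ECB mode with PKCS5 padding.
 *
 * <p>NOTE(review): this scheme is kept as-is because changing it would invalidate existing
 * ciphertexts, but it is weak. ECB is deterministic and unauthenticated, so equal plaintext
 * blocks produce equal ciphertext blocks and tampering is not detected. A single unsalted
 * SHA-1 pass is not a password-based key derivation function. For new data prefer AES/GCM
 * with a random nonce and a key taken from a secret store or derived with PBKDF2.
 *
 * @param strToDecrypt Base64 text of the ciphertext
 * @param secret passphrase the AES key is derived from
 * @return the plaintext decoded as UTF-8, or {@code null} if any step fails (the error is
 *     logged); callers must treat {@code null} as a failure and not as a value
 */
public static String decryptAES(String strToDecrypt, String secret) {
    try {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(secret.getBytes("UTF-8"));
        SecretKeySpec key = new SecretKeySpec(Arrays.copyOf(digest, 16), "AES");
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] plain = cipher.doFinal(Base64.getDecoder().decode(strToDecrypt));
        // Decode with an explicit charset; the no-argument String constructor uses the
        // platform default, which can differ between hosts and corrupt non-ASCII text.
        return new String(plain, "UTF-8");
    } catch (Exception ex) {
        log.error("Error while decrypting: {}", ex);
    }
    return null;
}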