Class ASecurityConfig
- java.lang.Object
-
- com.activeviam.risk.cfg.security.impl.ASecurityConfig
-
- Direct Known Subclasses:
ActiveMonitorSecurityConfig
,SecurityConfig
@EnableGlobalAuthentication @Configuration public abstract class ASecurityConfig extends Object
Generic implementation for security configuration of a server hosting ActivePivot, or Content server or ActiveMonitor.This class contains methods:
* To define authorized users, * To enable anonymous user access, * To configure the JWT filter, * To configure the security for Version service.- Author:
- ActiveViam
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
ASecurityConfig.AJwtSecurityConfigurer
Configuration for JWT.static class
ASecurityConfig.AVersionSecurityConfigurer
Configuration for Version service to allow anyone to access this servicestatic class
ASecurityConfig.AWebSecurityConfigurer
Common configuration forHttpSecurity
.
-
Field Summary
Fields Modifier and Type Field Description static String
AP_COOKIE_NAME
static String
BASIC_AUTH_BEAN_NAME
protected com.qfs.server.cfg.IJwtConfig
jwtConfig
static String
PIVOT_USER
static String[]
PIVOT_USER_ROLES
static String
ROLE_ACTIVEMONITOR
static String
ROLE_ADMIN
static String
ROLE_CS_ROOT
static String
ROLE_KPI
ROLE_KPI is added to users, to give them permission to read kpis created by other users in the content server In order to "share" kpis created in the content server, the kpi reader role is set to : ROLE_KPIstatic String
ROLE_TECH
static String
ROLE_USER
static boolean
useAnonymous
Set to true to allow anonymous accessstatic String
USER_ACTIVEMONITOR
static String[]
USERS
-
Constructor Summary
Constructors Constructor Description ASecurityConfig()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description protected static String[]
activeMonitorGrantedAuthorities()
The authorities of the sentinel technical usercom.quartetfs.biz.pivot.security.IAuthorityComparator
authorityComparator()
[Bean] Comparator for user rolesorg.springframework.security.web.AuthenticationEntryPoint
basicAuthenticationEntryPoint()
Returns the defaultAuthenticationEntryPoint
to use for the fallback basic HTTP authentication.void
configureGlobal(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)
org.springframework.security.crypto.password.PasswordEncoder
passwordEncoder()
protected org.springframework.security.provisioning.UserDetailsManager
technicalUserDetailsService()
Creates and returns the technical users (one for ActivePivot Live, one for ActivePivot) that can be used to authenticate the connections from ActivePivot Live or ActivePivotorg.springframework.security.core.userdetails.UserDetailsService
userDetailsService()
-
-
-
Field Detail
-
USERS
public static final String[] USERS
-
useAnonymous
public static final boolean useAnonymous
Set to true to allow anonymous access- See Also:
- Constant Field Values
-
BASIC_AUTH_BEAN_NAME
public static final String BASIC_AUTH_BEAN_NAME
- See Also:
- Constant Field Values
-
AP_COOKIE_NAME
public static final String AP_COOKIE_NAME
- See Also:
- Constant Field Values
-
ROLE_USER
public static final String ROLE_USER
- See Also:
- Constant Field Values
-
ROLE_ADMIN
public static final String ROLE_ADMIN
- See Also:
- Constant Field Values
-
ROLE_TECH
public static final String ROLE_TECH
- See Also:
- Constant Field Values
-
ROLE_CS_ROOT
public static final String ROLE_CS_ROOT
-
ROLE_ACTIVEMONITOR
public static final String ROLE_ACTIVEMONITOR
- See Also:
- Constant Field Values
-
USER_ACTIVEMONITOR
public static final String USER_ACTIVEMONITOR
- See Also:
- Constant Field Values
-
ROLE_KPI
public static final String ROLE_KPI
ROLE_KPI is added to users, to give them permission to read kpis created by other users in the content server In order to "share" kpis created in the content server, the kpi reader role is set to : ROLE_KPI- See Also:
- Constant Field Values
-
PIVOT_USER
public static final String PIVOT_USER
- See Also:
- Constant Field Values
-
PIVOT_USER_ROLES
public static final String[] PIVOT_USER_ROLES
-
jwtConfig
@Autowired protected com.qfs.server.cfg.IJwtConfig jwtConfig
-
-
Method Detail
-
basicAuthenticationEntryPoint
@Bean(name="basicAuthenticationEntryPoint") public org.springframework.security.web.AuthenticationEntryPoint basicAuthenticationEntryPoint()
Returns the defaultAuthenticationEntryPoint
to use for the fallback basic HTTP authentication.- Returns:
- The default
AuthenticationEntryPoint
for the fallback HTTP basic authentication.
-
configureGlobal
@Autowired public void configureGlobal(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth) throws Exception
- Throws:
Exception
-
userDetailsService
@Bean public org.springframework.security.core.userdetails.UserDetailsService userDetailsService()
-
technicalUserDetailsService
protected org.springframework.security.provisioning.UserDetailsManager technicalUserDetailsService()
Creates and returns the technical users (one for ActivePivot Live, one for ActivePivot) that can be used to authenticate the connections from ActivePivot Live or ActivePivot- Returns:
user data
-
authorityComparator
@Bean public com.quartetfs.biz.pivot.security.IAuthorityComparator authorityComparator()
[Bean] Comparator for user rolesDefines the comparator used by:
* com.quartetfs.biz.pivot.security.impl.ContextValueManager#setAuthorityComparator(IAuthorityComparator)
*IJwtService
- Returns:
- a comparator that indicates which authority/role prevails over another. NOTICE - an authority coming AFTER another one prevails over this "previous" authority. This authority ordering definition is essential to resolve possible ambiguity when, for a given user, a context value has been defined in more than one authority applicable to that user. In such case, it is what has been set for the "prevailing" authority that will be effectively retained for that context value for that user.
-
activeMonitorGrantedAuthorities
protected static String[] activeMonitorGrantedAuthorities()
The authorities of the sentinel technical user- Returns:
- the authorities of the sentinel technical user
-
passwordEncoder
@Bean public org.springframework.security.crypto.password.PasswordEncoder passwordEncoder()
-
-