[ https://issues.apache.org/jira/browse/METRON-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15755182#comment-15755182 ]
ASF GitHub Bot commented on METRON-503: --------------------------------------- Github user merrimanr commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/316#discussion_r92862063 --- Diff: metron-interface/metron-rest/src/main/java/org/apache/metron/rest/config/WebSecurityConfig.java --- 
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.rest.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import javax.sql.DataSource;
+import java.util.Arrays;
+
+@Configuration
+@EnableWebSecurity
+@Controller
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ private static final String CSRF_ENABLE_PROFILE = "csrf-enable";
+
+ @Autowired
+ private Environment environment;
+
+ @RequestMapping({"/login", "/logout", "/sensors", "/sensors*/**"})
+ public String handleNGRequests() {
+ return "forward:/index.html";
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .authorizeRequests()
+ .antMatchers("/", "/home", "/login").permitAll()
+ .antMatchers("/app/**").permitAll()
+ .antMatchers("/vendor/**").permitAll()
+ .antMatchers("/fonts/**").permitAll()
+ .antMatchers("/assets/images/**").permitAll()
+ .antMatchers("/*.js").permitAll()
+ .antMatchers("/*.ttf").permitAll()
+ .antMatchers("/*.woff2").permitAll()
+ .anyRequest().authenticated()
+ .and().httpBasic()
+ .and()
+ .logout()
+ .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
+ .invalidateHttpSession(true)
+ .deleteCookies("JSESSIONID");
+ if (Arrays.asList(environment.getActiveProfiles()).contains(CSRF_ENABLE_PROFILE)) {
+ http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
+ } else {
+ http.csrf().disable();
+ }
+ }
+
+ @Autowired
+ private DataSource dataSource;
+
+ @Autowired
+ public void configureJdbc(AuthenticationManagerBuilder auth) throws Exception {
+ auth
+ .jdbcAuthentication()
+ .dataSource(dataSource)
+ .withUser("user").password("password").roles("USER").and()
--- End diff -- Instructions have been added to the README. > Metron REST API > --------------- > > Key: METRON-503 > URL: https://issues.apache.org/jira/browse/METRON-503 > Project: Metron > Issue Type: New Feature > Reporter: Ryan Merriman > Assignee: Ryan Merriman > Attachments: Metron REST API.docx > > > As discussed on the dev list ([DISCUSS] Metron REST API Requirements), this > Jira includes adding a REST API to Metron. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
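Review bot: configureJdbc adds a fixed account to the JDBC user store, `.withUser("user").password("password").roles("USER")`, so every instance started with this configuration accepts the same publicly known login; seed accounts should be read from external configuration or limited to a development profile. No password encoder is set in the visible part of the chain, and the method continues past the quoted excerpt, so confirm that the rest of it configures one, e.g. `.passwordEncoder(new BCryptPasswordEncoder())`, and that stored passwords are hashed. In configure(), CSRF protection is opt-in: unless the `csrf-enable` profile is active the else branch runs `http.csrf().disable()`, and the `JSESSIONID` handling in the logout block suggests a cookie-backed session, which is the case CSRF tokens protect. Keying the check on an explicit opt-out profile instead would make the protected state the default.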