Class SecurityConfig

java.lang.Object
uk.ac.manchester.spinnaker.alloc.security.SecurityConfig

@EnableWebSecurity
@Role(0)
@EnableMethodSecurity(prePostEnabled=true)
public class SecurityConfig extends Object
The security and administration configuration of the service.

Note: role expressions (IS_USER and IS_ADMIN) must be applied (with @PreAuthorize) to interfaces of classes (or methods of those interfaces) that are Spring Beans in order for the security interception to be applied correctly. This is the only combination that is known to work reliably.

Author:
Donal Fellows
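
The placement described in the note above, as an added example that is not part of the project's own code. BoardMaintenance, BoardMaintenanceImpl, AuditLog, MaintenanceCaller and their methods are hypothetical names, and the example assumes IS_USER and IS_ADMIN are compile-time constants so that they can be used as annotation values.

```java
import static uk.ac.manchester.spinnaker.alloc.security.SecurityConfig.IS_ADMIN;
import static uk.ac.manchester.spinnaker.alloc.security.SecurityConfig.IS_USER;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;

/** Hypothetical bean interface; role expressions are on its methods. */
public interface BoardMaintenance {
	@PreAuthorize(IS_USER)
	String describeBoard(int boardId);

	@PreAuthorize(IS_ADMIN)
	void disableBoard(int boardId);
}

/** Hypothetical interface guarded as a whole by one type-level expression. */
@PreAuthorize(IS_ADMIN)
interface AuditLog {
	void record(String event);
}

/** The implementation is a Spring Bean and carries no security annotations. */
@Service
class BoardMaintenanceImpl implements BoardMaintenance {
	@Override
	public String describeBoard(int boardId) {
		return "board " + boardId;
	}

	@Override
	public void disableBoard(int boardId) {
		// Only reached when the IS_ADMIN expression has passed.
	}
}

/** Callers inject the interface, so every call crosses the security proxy. */
@Component
class MaintenanceCaller {
	private final BoardMaintenance maintenance;

	MaintenanceCaller(BoardMaintenance maintenance) {
		this.maintenance = maintenance;
	}

	boolean tryDisable(int boardId) {
		try {
			maintenance.disableBoard(boardId);
			return true;
		} catch (AccessDeniedException e) {
			return false; // current user did not satisfy IS_ADMIN
		}
	}
}
```

A call made from inside BoardMaintenanceImpl to one of its own methods does not pass through the Spring proxy, so the expression on the interface method is not evaluated for that call.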
  • Field Details

    • IS_ADMIN

      public static final String IS_ADMIN
      How to assert that a user must be an admin.
    • IS_NMPI_EXEC

      public static final String IS_NMPI_EXEC
      How to assert that a user must be an admin.
    • IS_READER

      public static final String IS_READER
      How to assert that a user must be able to read summaries.
    • MAY_SEE_JOB_DETAILS

      public static final String MAY_SEE_JOB_DETAILS
      How to filter out job details that a given user may see (or not).
    • IS_USER

      public static final String IS_USER
      How to assert that a user must be able to make jobs and read job details in depth.
  • Constructor Details

    • SecurityConfig

      public SecurityConfig()
  • Method Details

    • configureGlobal

      @Autowired public void configureGlobal(AuthenticationManagerBuilder auth)
      Configure things we plug into.
      Parameters:
      auth - The authentication manager builder to configure.
    • securityFilter

      @Bean @Role(1) public SecurityFilterChain securityFilter(HttpSecurity http) throws Exception
      Define our main security controls.
      Parameters:
      http - Used to build the filter chain.
      Returns:
      The filter chain that implements the controls.
      Throws:
      Exception - If anything goes wrong with setting up. Not expected.