Package uk.ac.manchester.spinnaker.alloc.security

Class SecurityConfig

java.lang.Object

uk.ac.manchester.spinnaker.alloc.security.SecurityConfig

@EnableWebSecurity
@Role(0)
@EnableMethodSecurity(prePostEnabled=true)
public class SecurityConfig
extends Object

The security and administration configuration of the service.

Note: role expressions (IS_USER and IS_ADMIN) must be applied (with @PreAuthorize) to interfaces of classes (or methods of those interfaces) that are Spring Beans in order for the security interception to be applied correctly. This is the only combination that is known to work reliably.

Author:

Donal Fellows

Field Summary

Fields

Modifier and Type	Field	Description
static final String	IS_ADMIN	How to assert that a user must be an admin.
static final String	IS_NMPI_EXEC	How to assert that a user must be an admin.
static final String	IS_READER	How to assert that a user must be able to read summaries.
static final String	IS_USER	How to assert that a user must be able to make jobs and read job details in depth.
static final String	MAY_SEE_JOB_DETAILS	How to filter out job details that a given user may see (or not).

Constructor Summary

Constructors

Constructor	Description
SecurityConfig()

Method Summary

Modifier and Type	Method	Description
void	configureGlobal(AuthenticationManagerBuilder auth)	Configure things we plug into.
SecurityFilterChain	securityFilter(HttpSecurity http)	Define our main security controls.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

IS_ADMIN

public static final String IS_ADMIN

How to assert that a user must be an admin.

See Also:

• Constant Field Values

IS_NMPI_EXEC

public static final String IS_NMPI_EXEC

How to assert that a user must be an admin.

See Also:

• Constant Field Values

IS_READER

public static final String IS_READER

How to assert that a user must be able to read summaries.

See Also:

• Constant Field Values

MAY_SEE_JOB_DETAILS

public static final String MAY_SEE_JOB_DETAILS

How to filter out job details that a given user may see (or not).

See Also:

• Constant Field Values

IS_USER

public static final String IS_USER

How to assert that a user must be able to make jobs and read job details in depth.

See Also:

• Constant Field Values

Constructor Details

SecurityConfig

public SecurityConfig()

Method Details

configureGlobal

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)

Configure things we plug into.

Parameters:

auth - The authentication manager builder to configure.

securityFilter

@Bean
@Role(1)
public SecurityFilterChain securityFilter(HttpSecurity http)
                                   throws Exception

Define our main security controls.

Parameters:

http - Used to build the filter chain.

Returns:

The filter chain that implements the controls.

Throws:

Exception - If anything goes wrong with setting up. Not expected.