From c5e1c35f4a43c461c72400feacf2fa0ecaff18e4 Mon Sep 17 00:00:00 2001
From: Vitaliy Fedoriv <vitaliy.fedoriv@gmail.com>
Date: Wed, 23 May 2018 11:12:17 +0300
Subject: [PATCH] add application security configuration

---
 .../samples/petclinic/security/Encoders.java  | 21 ++++++++++
 .../security/ServerSecurityConfig.java        | 39 +++++++++++++++++++
 2 files changed, 60 insertions(+)
 create mode 100644 src/main/java/org/springframework/samples/petclinic/security/Encoders.java
 create mode 100644 src/main/java/org/springframework/samples/petclinic/security/ServerSecurityConfig.java

diff --git a/src/main/java/org/springframework/samples/petclinic/security/Encoders.java b/src/main/java/org/springframework/samples/petclinic/security/Encoders.java
new file mode 100644
index 00000000..6d34c81a
--- /dev/null
+++ b/src/main/java/org/springframework/samples/petclinic/security/Encoders.java
@@ -0,0 +1,21 @@
+package org.springframework.samples.petclinic.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class Encoders {
+	
+    @Bean
+    public PasswordEncoder oauthClientPasswordEncoder() {
+        return new BCryptPasswordEncoder(4);
+    }
+    
+    @Bean
+    public PasswordEncoder userPasswordEncoder() {
+        return new BCryptPasswordEncoder(8);
+    }
+
+}
diff --git a/src/main/java/org/springframework/samples/petclinic/security/ServerSecurityConfig.java b/src/main/java/org/springframework/samples/petclinic/security/ServerSecurityConfig.java
new file mode 100644
index 00000000..cc5894a1
--- /dev/null
+++ b/src/main/java/org/springframework/samples/petclinic/security/ServerSecurityConfig.java
@@ -0,0 +1,39 @@
+package org.springframework.samples.petclinic.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+@EnableWebSecurity
+@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
+@Import(Encoders.class)
+public class ServerSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    private UserDetailsService userDetailsService;
+
+    @Autowired
+    private PasswordEncoder userPasswordEncoder;
+
+    @Override
+    @Bean
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userDetailsService).passwordEncoder(userPasswordEncoder);
+    }
+
+}
-- 
GitLab