// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: MIT-0 package com.example.application.security; import com.example.application.views.LoginView; import com.vaadin.flow.spring.security.VaadinWebSecurity; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.provisioning.InMemoryUserDetailsManager; @EnableWebSecurity // <1> @Configuration public class SecurityConfig extends VaadinWebSecurity { // <2> private @Autowired DataSourceImpl dataSource; @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeHttpRequests() .requestMatchers("/images/*.png").permitAll(); // <3> super.configure(http); setLoginView(http, LoginView.class); // <4> } @Autowired public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception { auth.eraseCredentials(false); auth.jdbcAuthentication().passwordEncoder(new BCryptPasswordEncoder()) .dataSource(dataSource) .usersByUsernameQuery( "select username, password, enabled from AppUser where username=? AND passwordExpiration > NOW()") .authoritiesByUsernameQuery( "select username, role from AppUser where username=? AND passwordExpiration > NOW()"); } @Bean public UserDetailsService users() { UserDetails user = User.builder() .username("user") // password = password with this hash, don't tell anybody :-) .password("{bcrypt}$2a$10$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW") .roles("USER") .build(); UserDetails admin = User.builder() .username("admin") .password("{bcrypt}$2a$10$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW") .roles("USER", "ADMIN") .build(); return new InMemoryUserDetailsManager(user, admin); // <5> } }