package com.aliyun.iotx.ica.center.start.security;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

/**
 * @author elephant-huang-zhao
 * @date 2018/3/2
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${ica.security.csrf.enabled}")
    private boolean csrf;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // cors 配置
        HttpSecurity httpSecurity = http.cors().and();
        // csrf 配置
        CsrfConfigurer<HttpSecurity> csrfConfigurer = httpSecurity.csrf();

        if (!csrf) {
            csrfConfigurer.disable();
        } else {
            csrfConfigurer
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                .requireCsrfProtectionMatcher(new CsrfSecurityRequestMatcher());
        }
    }

}