[74af394] | 1 | package com.example.salonbella.security;
|
---|
| 2 |
|
---|
| 3 | import com.example.salonbella.entity.UserEntity;
|
---|
| 4 | import com.example.salonbella.service.UserService;
|
---|
| 5 | import org.springframework.beans.factory.annotation.Autowired;
|
---|
| 6 | import org.springframework.context.annotation.Bean;
|
---|
| 7 | import org.springframework.context.annotation.Configuration;
|
---|
| 8 | import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
---|
| 9 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
---|
| 10 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
---|
| 11 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
---|
| 12 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
---|
| 13 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
---|
| 14 | import org.springframework.security.crypto.password.PasswordEncoder;
|
---|
| 15 | import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
---|
| 16 | import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
---|
| 17 |
|
---|
| 18 | import javax.annotation.Resource;
|
---|
| 19 | import java.util.concurrent.TimeUnit;
|
---|
| 20 |
|
---|
| 21 | @Configuration
|
---|
| 22 | @EnableWebSecurity
|
---|
| 23 | public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {
|
---|
| 24 |
|
---|
| 25 | @Resource
|
---|
| 26 | private UserService userService;
|
---|
| 27 |
|
---|
| 28 | private AuthenticationSuccessHandler successHandler;
|
---|
| 29 |
|
---|
| 30 | @Autowired
|
---|
| 31 | public ApplicationSecurityConfig(AuthenticationSuccessHandler successHandler) {
|
---|
| 32 | this.successHandler = successHandler;
|
---|
| 33 | }
|
---|
| 34 |
|
---|
| 35 | @Override
|
---|
| 36 | protected void configure(HttpSecurity http) throws Exception {
|
---|
| 37 |
|
---|
| 38 |
|
---|
| 39 | http
|
---|
| 40 | .csrf().disable()
|
---|
| 41 | .authorizeRequests()
|
---|
| 42 | .antMatchers("/", "/index", "/register","/confirm").permitAll()
|
---|
| 43 | .antMatchers("/adminDashboard","/admin-scheduled-reservations","/admin-get-scheduled-reservations","/admin-cancel-reservation","/admin-block-reservation","/admin-get-blocked-reservations","/admin-unblock-reservation","/admin-schedule reservation","/admin-add-product","/admin-get-orders","/admin-change-status","/admin-cancel-order","/admin-remove-product").hasRole(ApplicationUserRole.ADMIN.name())
|
---|
| 44 | .anyRequest()
|
---|
| 45 | .authenticated()
|
---|
| 46 | .and()
|
---|
| 47 | .formLogin()
|
---|
| 48 | .loginPage("/login")
|
---|
| 49 | .successHandler(successHandler)
|
---|
| 50 | .permitAll()
|
---|
| 51 | .and()
|
---|
| 52 | .logout()
|
---|
| 53 | .logoutUrl("/logout")
|
---|
| 54 | .logoutRequestMatcher(new AntPathRequestMatcher(("/logout"), "GET"))
|
---|
| 55 | .clearAuthentication(true)
|
---|
| 56 | .invalidateHttpSession(true)
|
---|
| 57 | .deleteCookies("JSESSIONID")
|
---|
| 58 | .logoutSuccessUrl("/login");
|
---|
| 59 | }
|
---|
| 60 |
|
---|
| 61 | @Bean
|
---|
| 62 | public PasswordEncoder passwordEncoder() {
|
---|
| 63 | return new BCryptPasswordEncoder(10);
|
---|
| 64 | }
|
---|
| 65 |
|
---|
| 66 | @Bean
|
---|
| 67 | public DaoAuthenticationProvider authenticationProvider() {
|
---|
| 68 | DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
|
---|
| 69 | authProvider.setUserDetailsService(userService);
|
---|
| 70 | authProvider.setPasswordEncoder(passwordEncoder());
|
---|
| 71 | return authProvider;
|
---|
| 72 | }
|
---|
| 73 |
|
---|
| 74 | @Override
|
---|
| 75 | protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
---|
| 76 | auth.authenticationProvider(authenticationProvider());
|
---|
| 77 | }
|
---|
| 78 | }
|
---|