1 | package com.example.salonbella.security;
|
---|
2 |
|
---|
3 | import com.example.salonbella.entity.UserEntity;
|
---|
4 | import com.example.salonbella.service.UserService;
|
---|
5 | import org.springframework.beans.factory.annotation.Autowired;
|
---|
6 | import org.springframework.context.annotation.Bean;
|
---|
7 | import org.springframework.context.annotation.Configuration;
|
---|
8 | import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
---|
9 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
---|
10 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
---|
11 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
---|
12 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
---|
13 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
---|
14 | import org.springframework.security.crypto.password.PasswordEncoder;
|
---|
15 | import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
---|
16 | import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
---|
17 |
|
---|
18 | import javax.annotation.Resource;
|
---|
19 | import java.util.concurrent.TimeUnit;
|
---|
20 |
|
---|
21 | @Configuration
|
---|
22 | @EnableWebSecurity
|
---|
23 | public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {
|
---|
24 |
|
---|
25 | @Resource
|
---|
26 | private UserService userService;
|
---|
27 |
|
---|
28 | private AuthenticationSuccessHandler successHandler;
|
---|
29 |
|
---|
30 | @Autowired
|
---|
31 | public ApplicationSecurityConfig(AuthenticationSuccessHandler successHandler) {
|
---|
32 | this.successHandler = successHandler;
|
---|
33 | }
|
---|
34 |
|
---|
35 | @Override
|
---|
36 | protected void configure(HttpSecurity http) throws Exception {
|
---|
37 |
|
---|
38 |
|
---|
39 | http
|
---|
40 | .csrf().disable()
|
---|
41 | .authorizeRequests()
|
---|
42 | .antMatchers("/", "/index", "/register","/confirm").permitAll()
|
---|
43 | .antMatchers("/adminDashboard","/admin-scheduled-reservations","/admin-get-scheduled-reservations","/admin-cancel-reservation","/admin-block-reservation","/admin-get-blocked-reservations","/admin-unblock-reservation","/admin-schedule reservation","/admin-add-product","/admin-get-orders","/admin-change-status","/admin-cancel-order","/admin-remove-product").hasRole(ApplicationUserRole.ADMIN.name())
|
---|
44 | .anyRequest()
|
---|
45 | .authenticated()
|
---|
46 | .and()
|
---|
47 | .formLogin()
|
---|
48 | .loginPage("/login")
|
---|
49 | .successHandler(successHandler)
|
---|
50 | .permitAll()
|
---|
51 | .and()
|
---|
52 | .logout()
|
---|
53 | .logoutUrl("/logout")
|
---|
54 | .logoutRequestMatcher(new AntPathRequestMatcher(("/logout"), "GET"))
|
---|
55 | .clearAuthentication(true)
|
---|
56 | .invalidateHttpSession(true)
|
---|
57 | .deleteCookies("JSESSIONID")
|
---|
58 | .logoutSuccessUrl("/login");
|
---|
59 | }
|
---|
60 |
|
---|
61 | @Bean
|
---|
62 | public PasswordEncoder passwordEncoder() {
|
---|
63 | return new BCryptPasswordEncoder(10);
|
---|
64 | }
|
---|
65 |
|
---|
66 | @Bean
|
---|
67 | public DaoAuthenticationProvider authenticationProvider() {
|
---|
68 | DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
|
---|
69 | authProvider.setUserDetailsService(userService);
|
---|
70 | authProvider.setPasswordEncoder(passwordEncoder());
|
---|
71 | return authProvider;
|
---|
72 | }
|
---|
73 |
|
---|
74 | @Override
|
---|
75 | protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
---|
76 | auth.authenticationProvider(authenticationProvider());
|
---|
77 | }
|
---|
78 | }
|
---|