source: src/main/java/com/example/salonbella/security/ApplicationSecurityConfig.java@ 4d7e387

Last change on this file since 4d7e387 was 4d7e387, checked in by makyjovanovsky <mjovanovski04@…>, 17 months ago

commit 1

1package com.example.salonbella.security;
2
3import com.example.salonbella.entity.UserEntity;
4import com.example.salonbella.service.UserService;
5import org.springframework.beans.factory.annotation.Autowired;
6import org.springframework.context.annotation.Bean;
7import org.springframework.context.annotation.Configuration;
8import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
9import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
10import org.springframework.security.config.annotation.web.builders.HttpSecurity;
11import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
12import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
13import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
14import org.springframework.security.crypto.password.PasswordEncoder;
15import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
16import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
17
18import javax.annotation.Resource;
19import java.util.concurrent.TimeUnit;
20
/**
 * Spring Security configuration for the application.
 *
 * <p>Declares the URL authorization rules, the form-login and logout flows, and the
 * BCrypt-backed {@link DaoAuthenticationProvider} that authenticates against
 * {@link UserService}.
 */
@Configuration
@EnableWebSecurity
public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Routes that are reachable without authentication. */
    private static final String[] PUBLIC_PATHS = {"/", "/index", "/register", "/confirm"};

    /**
     * Routes that require the ADMIN role.
     *
     * <p>NOTE(review): the entry {@code "/admin-schedule reservation"} contains a space where
     * every sibling pattern uses a hyphen. If the controller mapping is hyphenated, that route
     * is not matched here and falls through to the generic "any authenticated user" rule.
     * Confirm against the controller and correct the pattern.
     *
     * <p>NOTE(review): this is an allow-list of exact paths, so an admin route added later
     * without a matching entry is only protected by the "authenticated" rule. Consider a
     * shared admin prefix matched by a single pattern.
     */
    private static final String[] ADMIN_PATHS = {
        "/adminDashboard",
        "/admin-scheduled-reservations",
        "/admin-get-scheduled-reservations",
        "/admin-cancel-reservation",
        "/admin-block-reservation",
        "/admin-get-blocked-reservations",
        "/admin-unblock-reservation",
        "/admin-schedule reservation",
        "/admin-add-product",
        "/admin-get-orders",
        "/admin-change-status",
        "/admin-cancel-order",
        "/admin-remove-product"
    };

    /** BCrypt strength (log2 of the number of hashing rounds) used for password hashes. */
    private static final int BCRYPT_STRENGTH = 10;

    @Resource
    private UserService userService;

    private AuthenticationSuccessHandler successHandler;

    /**
     * Creates the configuration with the handler invoked after a successful form login.
     *
     * @param successHandler handler run once a user has authenticated
     */
    @Autowired
    public ApplicationSecurityConfig(AuthenticationSuccessHandler successHandler) {
        this.successHandler = successHandler;
    }

    /**
     * Configures request authorization, form login and logout.
     *
     * @param http the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is disabled application-wide while authentication is
        // session-cookie based (form login, JSESSIONID). The state-changing admin routes below
        // therefore accept cross-site requests sent from a logged-in browser. Re-enable CSRF
        // and include the token in the forms unless there is a documented reason not to.
        http.csrf().disable();

        // Rule order matters: the first matching rule wins, so the catch-all comes last.
        http.authorizeRequests()
            .antMatchers(PUBLIC_PATHS).permitAll()
            .antMatchers(ADMIN_PATHS).hasRole(ApplicationUserRole.ADMIN.name())
            .anyRequest().authenticated();

        http.formLogin()
            .loginPage("/login")
            .successHandler(successHandler)
            .permitAll();

        // NOTE(review): logout is triggered by a GET request, which any cross-site link or
        // embedded resource can issue. Prefer POST-only logout once CSRF is enabled.
        // The explicit request matcher presumably supersedes logoutUrl(); both are kept as-is.
        AntPathRequestMatcher logoutOnGet = new AntPathRequestMatcher("/logout", "GET");
        http.logout()
            .logoutUrl("/logout")
            .logoutRequestMatcher(logoutOnGet)
            .clearAuthentication(true)
            .invalidateHttpSession(true)
            .deleteCookies("JSESSIONID")
            .logoutSuccessUrl("/login");
    }

    /**
     * Provides the password encoder used to hash and verify user passwords.
     *
     * @return a BCrypt encoder with strength {@value #BCRYPT_STRENGTH}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(BCRYPT_STRENGTH);
    }

    /**
     * Builds the authentication provider that loads users through {@link UserService} and
     * verifies passwords with {@link #passwordEncoder()}.
     *
     * @return the configured DAO authentication provider
     */
    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setPasswordEncoder(passwordEncoder());
        provider.setUserDetailsService(userService);
        return provider;
    }

    /**
     * Registers {@link #authenticationProvider()} with the authentication manager.
     *
     * @param auth the authentication manager builder
     * @throws Exception if the provider cannot be registered
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }
}