source: src/main/java/it/finki/charitable/security/SecurityConfig.java@ 881a233

Last change on this file since 881a233 was 0c37625, checked in by NikolaCenevski <cenevskinikola@…>, 3 years ago

Moderator pagination

  • Property mode set to 100644
File size: 3.1 KB
Line 
1package it.finki.charitable.security;
2
3import it.finki.charitable.entities.UserRole;
4import it.finki.charitable.services.UserService;
5import org.springframework.context.annotation.Configuration;
6import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
7import org.springframework.security.config.annotation.web.builders.HttpSecurity;
8import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
9import org.springframework.security.core.Authentication;
10import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
11import org.springframework.security.web.DefaultRedirectStrategy;
12import org.springframework.security.web.RedirectStrategy;
13import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
14import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
15
16import javax.servlet.ServletException;
17import javax.servlet.http.HttpServletRequest;
18import javax.servlet.http.HttpServletResponse;
19import java.io.IOException;
20
21@Configuration
22public class SecurityConfig extends WebSecurityConfigurerAdapter {
23
24 private final UserService userService;
25 private BCryptPasswordEncoder passwordEncoder() {
26 return PasswordEncoder.bCryptPasswordEncoder();
27 }
28
29 public SecurityConfig(UserService userService) {
30 this.userService = userService;
31 }
32
33 private final static String[] publicMatchers = {
34 "/css/**",
35 "/js/**",
36 "/image/**",
37 "/",
38 "/login",
39 "/register",
40 "/validate",
41 "/album/**",
42 "/post",
43 "/post-photos/**"
44 };
45
46 @Override
47 protected void configure(HttpSecurity http) throws Exception {
48 http
49 .authorizeRequests()
50 .antMatchers(publicMatchers).permitAll()
51 .antMatchers("/moderator-photos/**", "/moderator/**").hasAuthority(UserRole.MODERATOR.name())
52 .anyRequest().hasAuthority(UserRole.USER.name());
53
54 http
55 .csrf().disable()
56 .cors().disable()
57 .formLogin().loginPage("/login")
58 .successHandler(authenticationSuccessHandler)
59 .and()
60 .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
61 .logoutSuccessUrl("/").deleteCookies("remember-me")
62 .and()
63 .rememberMe();
64 }
65
66 AuthenticationSuccessHandler authenticationSuccessHandler = (httpServletRequest, httpServletResponse, authentication) -> {
67 RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
68 if(authentication.getAuthorities().toString().contains("MODERATOR")) {
69 redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, "/moderator/approval?page=1&sort=id");
70 } else {
71 redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, "/");
72 }
73 };
74
75 @Override
76 protected void configure(AuthenticationManagerBuilder auth) throws Exception {
77 auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
78 }
79}
Note: See TracBrowser for help on using the repository browser.