source: src/main/java/project/educatum/config/SecurityConfig.java

Last change on this file was d3cf3a1, checked in by Marija Micevska <marija_micevska@…>, 2 years ago

Initial commit

1package project.educatum.config;
2
3
4import org.springframework.beans.factory.annotation.Autowired;
5import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
6import org.springframework.context.annotation.Configuration;
7import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
8import org.springframework.security.config.annotation.web.builders.HttpSecurity;
9import org.springframework.security.config.annotation.web.builders.WebSecurity;
10import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
11import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
12import org.springframework.security.core.userdetails.UserDetailsService;
13import org.springframework.security.crypto.password.PasswordEncoder;
14import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
15import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
16
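/**
 * Spring Security configuration: declares which URLs are public, which need the
 * ADMIN role, and how form login and logout behave.
 *
 * <p>Authentication is delegated to the injected {@link CustomAuthenticationProvider}.
 */
@Configuration
@EnableOAuth2Sso
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Injected but not referenced anywhere in this class; kept so the constructor
    // signature (and therefore bean wiring) stays unchanged.
    private final PasswordEncoder passwordEncoder;
    private final CustomAuthenticationProvider customAuthenticationProvider;

    /**
     * @param passwordEncoder              encoder bean supplied by the application context
     * @param customAuthenticationProvider provider registered with the authentication manager
     */
    public SecurityConfig(PasswordEncoder passwordEncoder, CustomAuthenticationProvider customAuthenticationProvider) {
        this.passwordEncoder = passwordEncoder;
        this.customAuthenticationProvider = customAuthenticationProvider;
    }

    /**
     * Lists request paths that skip the Spring Security filter chain entirely.
     *
     * <p>Paths matched here receive no authentication, no authorization and no
     * security headers. A catch-all "/**" entry must never be added: it would
     * bypass every rule declared in {@link #configure(HttpSecurity)}, leaving
     * "/admin/**" and all other protected URLs open to anonymous requests.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // NOTE(review): "/h2**" presumably exposes the H2 database console; confirm the
        // console is disabled or unreachable outside development, because ignored
        // paths are served without any authentication.
        web.ignoring().antMatchers("/h2**");
    }

    /**
     * Defines URL authorization rules, form login and logout handling.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is switched off while the application relies on
        // a session cookie (JSESSIONID) with form login, so state-changing requests can
        // be forged cross-site. Re-enable it once every form submits the CSRF token.
        http.csrf().disable()
                .authorizeRequests()
                // Public pages and static assets.
                .antMatchers("/", "/home", "/assets/**", "/register", "/login").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                // Everything not listed above requires a logged-in user.
                .anyRequest()
                .authenticated()
                .and()
                .formLogin()
                .loginPage("/login").permitAll()
                .failureUrl("/login?error=BadCredentials")
                // 'true' forces the redirect to /home even when the user originally
                // requested a different protected page.
                .defaultSuccessUrl("/home", true)
                .and()
                .logout()
                .logoutUrl("/logout")
                .clearAuthentication(true)
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .logoutSuccessUrl("/login");
    }

    /**
     * Registers the custom authentication provider with the authentication manager.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthenticationProvider);
    }
}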