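package project.fmo.app.projcetfmo.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Spring Security configuration for the web application.
 *
 * <p>Registers the custom username/password authentication provider and defines the URL
 * authorization rules, form login, logout and access-denied handling. Method-level security
 * ({@code @Secured}, {@code @PreAuthorize}/{@code @PostAuthorize}) is enabled as well.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Injected but not referenced in this class; kept so the constructor signature is unchanged.
    private final PasswordEncoder passwordEncoder;
    private final CustomUsernamePasswordAuthenticationProvider authenticationProvider;

    /**
     * Creates the configuration.
     *
     * @param passwordEncoder password encoder bean (stored, not used by this class)
     * @param authenticationProvider provider that is registered with the authentication manager
     */
    public WebSecurityConfig(PasswordEncoder passwordEncoder,
                             CustomUsernamePasswordAuthenticationProvider authenticationProvider) {
        this.passwordEncoder = passwordEncoder;
        this.authenticationProvider = authenticationProvider;
    }

    /**
     * Defines URL authorization, form login, logout and the access-denied page.
     *
     * <p>Request matchers are evaluated in declaration order and the first match decides.
     * The {@code /admin/**} rule is therefore declared before the {@code /**} permit-all
     * pattern; declared after it, the ADMIN restriction would never be consulted.
     *
     * @param http the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is switched off while the application uses
        // session-cookie form login, so state-changing requests carry no anti-forgery token.
        // Re-enable it once the forms submit the CSRF token.
        http.csrf().disable()
                .authorizeRequests()
                // Most specific rule first: first matching pattern wins.
                .antMatchers("/admin/**").hasRole("ADMIN")
                // NOTE(review): "/**" matches every remaining path, so the other patterns in
                // this list are redundant and anyRequest().authenticated() below is never
                // reached. If only the listed pages are meant to be public, drop "/**".
                .antMatchers("/", "/**", "/home", "/register", "/products").permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin()
                .permitAll()
                .failureUrl("/login?error=BadCredentials")
                .defaultSuccessUrl("/products", true)
                .and()
                .logout()
                // Drop the authentication, the server-side session and the session cookie.
                .clearAuthentication(true)
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .logoutSuccessUrl("/home")
                .and()
                .exceptionHandling().accessDeniedPage("/access_denied");
    }

    /**
     * Registers the custom authentication provider with the authentication manager.
     *
     * @param auth the authentication manager builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(authenticationProvider);
    }
}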