Ignore:
Timestamp:
07/07/23 12:14:58 (15 months ago)
Author:
HristijanMitic00 <hristijan.mitic.01@…>
Branches:
main
Parents:
1dd9226
Message:

First commit

Location:
src/main/java/project/fmo/app/projcetfmo/config
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • src/main/java/project/fmo/app/projcetfmo/config/CustomUsernamePasswordAuthenticationProvider.java

    r1dd9226 rd14176d  
    1 package project.fmo.app.projcetfmo.config;public class CustomUsernamePasswordAuthenticationProvider {
     1package project.fmo.app.projcetfmo.config;
     2
     3import org.springframework.security.authentication.AuthenticationProvider;
     4import org.springframework.security.authentication.BadCredentialsException;
     5import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
     6import org.springframework.security.core.Authentication;
     7import org.springframework.security.core.AuthenticationException;
     8import org.springframework.security.core.userdetails.UserDetails;
     9import org.springframework.security.crypto.password.PasswordEncoder;
     10import org.springframework.stereotype.Component;
     11import project.fmo.app.projcetfmo.Service.KorisnikService;
     12
     13@Component
     14public class CustomUsernamePasswordAuthenticationProvider implements AuthenticationProvider {
     15
     16    private final KorisnikService korisnikService;
     17    private final PasswordEncoder passwordEncoder;
     18
     19    public CustomUsernamePasswordAuthenticationProvider(KorisnikService korisnikService, PasswordEncoder passwordEncoder) {
     20        this.korisnikService = korisnikService;
     21        this.passwordEncoder = passwordEncoder;
     22    }
     23
     24
     25    @Override
     26    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
     27        String username = authentication.getName();
     28        String password = authentication.getCredentials().toString();
     29
     30        if ("".equals(username) || "".equals(password)) {
     31            throw new BadCredentialsException("Invalid Credentials");
     32        }
     33
     34        UserDetails userDetails = this.korisnikService.loadUserByUsername(username);
     35
     36        if (!password.equals(userDetails.getPassword())) {
     37            throw new BadCredentialsException("Password is incorrect!");
     38        }
     39        return new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities());
     40
     41    }
     42
     43    @Override
     44    public boolean supports(Class<?> authentication) {
     45        return authentication.equals(UsernamePasswordAuthenticationToken.class);
     46    }
    247}

  • src/main/java/project/fmo/app/projcetfmo/config/WebSecurityConfig.java

    r1dd9226 rd14176d  
    1 package project.fmo.app.projcetfmo.config;public class WebSecurityConfig {
     1package project.fmo.app.projcetfmo.config;
     2
     3import org.springframework.context.annotation.Configuration;
     4import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
     5import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
     6import org.springframework.security.config.annotation.web.builders.HttpSecurity;
     7import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
     8import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
     9import org.springframework.security.crypto.password.PasswordEncoder;
     10
     11@Configuration
     12@EnableWebSecurity
     13@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
     14public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     15
     16
     17    private final PasswordEncoder passwordEncoder;
     18    private final CustomUsernamePasswordAuthenticationProvider authenticationProvider;
     19
     20    public WebSecurityConfig(PasswordEncoder passwordEncoder,
     21                             CustomUsernamePasswordAuthenticationProvider authenticationProvider) {
     22        this.passwordEncoder = passwordEncoder;
     23        this.authenticationProvider = authenticationProvider;
     24    }
     25
     26    @Override
     27    protected void configure(HttpSecurity http) throws Exception {
     28
     29        http.csrf().disable()
     30                .authorizeRequests()
     31                .antMatchers("/","/**", "/home", "/register", "/products").permitAll()
     32                .antMatchers("/admin/**").hasRole("ADMIN")
     33                .anyRequest()
     34                .authenticated()
     35                .and()
     36                .formLogin()
     37                .permitAll()
     38                .failureUrl("/login?error=BadCredentials")
     39                .defaultSuccessUrl("/products", true)
     40                .and()
     41                .logout()
     42                .clearAuthentication(true)
     43                .invalidateHttpSession(true)
     44                .deleteCookies("JSESSIONID")
     45                .logoutSuccessUrl("/home")
     46                .and()
     47                .exceptionHandling().accessDeniedPage("/access_denied");
     48
     49    }
     50
     51    @Override
     52    protected void configure(AuthenticationManagerBuilder auth) {
     53        auth.authenticationProvider(authenticationProvider);
     54    }
     55
    256}
Note: See TracChangeset for help on using the changeset viewer.