Timestamp:
07/07/23 12:14:58 (12 months ago)
Author:
HristijanMitic00 <hristijan.mitic.01@…>
Branches:
main
Parents:
1dd9226
Message:

First commit

File:
1 edited

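--- a/src/main/java/project/fmo/app/projcetfmo/config/WebSecurityConfig.java
+++ b/src/main/java/project/fmo/app/projcetfmo/config/WebSecurityConfig.java
@@ -1,2 +1,56 @@
-package project.fmo.app.projcetfmo.config;public class WebSecurityConfig {
+package project.fmo.app.projcetfmo.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+
+    private final PasswordEncoder passwordEncoder;
+    private final CustomUsernamePasswordAuthenticationProvider authenticationProvider;
+
+    public WebSecurityConfig(PasswordEncoder passwordEncoder,
+                             CustomUsernamePasswordAuthenticationProvider authenticationProvider) {
+        this.passwordEncoder = passwordEncoder;
+        this.authenticationProvider = authenticationProvider;
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+
+        http.csrf().disable()
+                .authorizeRequests()
+                .antMatchers("/","/**", "/home", "/register", "/products").permitAll()
+                .antMatchers("/admin/**").hasRole("ADMIN")
+                .anyRequest()
+                .authenticated()
+                .and()
+                .formLogin()
+                .permitAll()
+                .failureUrl("/login?error=BadCredentials")
+                .defaultSuccessUrl("/products", true)
+                .and()
+                .logout()
+                .clearAuthentication(true)
+                .invalidateHttpSession(true)
+                .deleteCookies("JSESSIONID")
+                .logoutSuccessUrl("/home")
+                .and()
+                .exceptionHandling().accessDeniedPage("/access_denied");
+
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) {
+        auth.authenticationProvider(authenticationProvider);
+    }
+
 }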
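Review bot: The `"/**"` pattern in the first `antMatchers(...).permitAll()` call of `configure(HttpSecurity)` matches every path, and because the first matching rule wins, the `/admin/**` `hasRole("ADMIN")` rule and `anyRequest().authenticated()` below it are never reached. As written, URL-level access control is effectively off, and the admin pages are restricted only by whatever method-level annotations exist elsewhere (not visible in this file). I would drop `"/**"` and put the narrow rule first: `.antMatchers("/admin/**").hasRole("ADMIN")` followed by `.antMatchers("/", "/home", "/register", "/products").permitAll()`, adding explicit patterns for static assets if they must stay public. Separately, `http.csrf().disable()` leaves the session-cookie form login and logout without CSRF protection; unless there is a documented reason for it, remove that call and have the forms carry the token.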