package com.example.baziproekt.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.web.servlet.config.annotation.EnableWebMvc; @Configuration public class WebSecurityConfig extends WebSecurityConfigurerAdapter { /* @Override public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/**"); } */ private final CustomUsernamePasswordAuthenticationProvider authenticationProvider; public WebSecurityConfig(CustomUsernamePasswordAuthenticationProvider authenticationProvider) { this.authenticationProvider = authenticationProvider; } @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .authorizeRequests() .antMatchers("/**").permitAll() .anyRequest() .authenticated() .and() .formLogin() .loginPage("/login").permitAll() .failureUrl("/login?error=BadCredentials") .defaultSuccessUrl("/home", true) .and() .logout() .logoutUrl("/logout") .clearAuthentication(true) .invalidateHttpSession(true) .deleteCookies("JSESSIONID") .logoutSuccessUrl("/login") .and() .exceptionHandling().accessDeniedPage("/"); } @Override protected void configure(AuthenticationManagerBuilder auth) { auth.authenticationProvider(authenticationProvider); } }