source: src/main/java/com/example/moviezone/config/WebSecurityConfig.java@ 1fcb086

Last change on this file since 1fcb086 was 1fcb086, checked in by DenicaKj <dkorvezir@…>, 21 months ago

Update WebSecurityConfig.java

  • Property mode set to 100644
File size: 3.2 KB
Line 
1package com.example.moviezone.config;
2
3import org.springframework.beans.factory.annotation.Autowired;
4import org.springframework.context.annotation.Configuration;
5import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
6import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
7import org.springframework.security.config.annotation.web.builders.HttpSecurity;
8import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
9import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
10import org.springframework.security.crypto.password.PasswordEncoder;
11import org.springframework.web.servlet.config.annotation.EnableWebMvc;
12
13
14@Configuration
15@EnableWebSecurity
16@EnableWebMvc
17@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
18public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
19
20 private final PasswordEncoder passwordEncoder;
21 private final CustomUsernamePasswordAuthenticationProvider authenticationProvider;
22
23 public WebSecurityConfig(PasswordEncoder passwordEncoder,
24 CustomUsernamePasswordAuthenticationProvider authenticationProvider) {
25 this.passwordEncoder = passwordEncoder;
26 this.authenticationProvider = authenticationProvider;
27 }
28
29 @Override
30 protected void configure(HttpSecurity http) throws Exception {
31
32 http.csrf().disable()
33 .authorizeRequests()
34 .antMatchers("/","/films","/home/projections","/home/events","/home/getProjections/**","/home/films","/home/getFilm/**","/getFilm/**","/home/getEvent/**","/getEvent/**","/login","/events","/projections" ,"/home", "/assets/**", "/register", "/registerWorker","/api/**").permitAll()
35 .antMatchers("/","/finishRegister","/registerWorker","/films","/home/projections","/home/events","/home/getProjections/**","/home/films","/home/getFilm/**","/getFilm/**","/home/getEvent/**","/getEvent/**","redirect:/login","/login","/events","/projections" ,"/home", "/assets/**", "/register", "/api/**").permitAll()
36 .antMatchers("/home/getSeats/**","/myTickets","/home/addInterestedEvent/**","/home/deleteInterestedEvent/**","/home/addRating/**","/addRating/**","/getProjection/**","/home/makeReservation","/profileUser").hasRole("USER")
37 .antMatchers("/**").hasRole("ADMIN")
38 .anyRequest()
39 .authenticated()
40 .and()
41 .formLogin()
42 .loginPage("/login").permitAll()
43 .failureUrl("/login?error=BadCredentials")
44 .defaultSuccessUrl("/home", true)
45 .and()
46 .logout()
47 .logoutUrl("/logout")
48 .clearAuthentication(true)
49 .invalidateHttpSession(true)
50 .deleteCookies("JSESSIONID")
51 .logoutSuccessUrl("/login")
52 .and()
53 .exceptionHandling().accessDeniedPage("/access_denied");
54
55 }
56
57 @Override
58 protected void configure(AuthenticationManagerBuilder auth) {
59//
60 auth.authenticationProvider(authenticationProvider);
61 }
62
63
64
65}
Note: See TracBrowser for help on using the repository browser.