source: src/main/java/com/example/moviezone/config/WebSecurityConfig.java@ 4173acf

Last change on this file since 4173acf was 1e7126f, checked in by DenicaKj <dkorvezir@…>, 15 months ago

fix

  • Property mode set to 100644
File size: 3.3 KB
Line 
1package com.example.moviezone.config;
2
3import org.springframework.beans.factory.annotation.Autowired;
4import org.springframework.context.annotation.Configuration;
5import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
6import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
7import org.springframework.security.config.annotation.web.builders.HttpSecurity;
8import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
9import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
10import org.springframework.security.crypto.password.PasswordEncoder;
11import org.springframework.web.servlet.config.annotation.EnableWebMvc;
12
13
14@Configuration
15@EnableWebSecurity
16@EnableWebMvc
17@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
18public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
19
20 private final PasswordEncoder passwordEncoder;
21 private final CustomUsernamePasswordAuthenticationProvider authenticationProvider;
22
23 public WebSecurityConfig(PasswordEncoder passwordEncoder,
24 CustomUsernamePasswordAuthenticationProvider authenticationProvider) {
25 this.passwordEncoder = passwordEncoder;
26 this.authenticationProvider = authenticationProvider;
27 }
28
29 @Override
30 protected void configure(HttpSecurity http) throws Exception {
31
32 http.csrf().disable()
33 .authorizeRequests()
34 .antMatchers("/","/films","/home/projections","/home/events","/home/getProjections/**","/home/films","/home/getFilm/**","/getFilm/**","/home/getEvent/**","/getEvent/**","/login","/events","/projections" ,"/home", "/assets/**", "/register", "/registerWorker","/api/**").permitAll()
35 .antMatchers("/","/finishRegister","/registerWorker","/films","/home/projections","/home/events","/home/getProjections/**","/home/films","/home/getFilm/**","/getFilm/**","/home/getEvent/**","/getEvent/**","redirect:/login","/login","/events","/projections" ,"/home", "/assets/**", "/register", "/api/**").permitAll()
36 .antMatchers("/home/getSeats/**","/myTickets","/home/addInterestedEvent/**","/home/deleteInterestedEvent/**","/home/addRating/**","/addRating/**","/getProjection/**","/home/makeReservation","/profileUser","/cancelTicket/**").hasRole("USER")
37 .antMatchers("/profileWorker").hasRole("WORKER")
38 .antMatchers("/**").hasRole("ADMIN")
39 .anyRequest()
40 .authenticated()
41 .and()
42 .formLogin()
43 .loginPage("/login").permitAll()
44 .failureUrl("/login?error=BadCredentials")
45 .defaultSuccessUrl("/home", true)
46 .and()
47 .logout()
48 .logoutUrl("/logout")
49 .clearAuthentication(true)
50 .invalidateHttpSession(true)
51 .deleteCookies("JSESSIONID")
52 .logoutSuccessUrl("/login")
53 .and()
54 .exceptionHandling().accessDeniedPage("/access_denied");
55
56 }
57
58 @Override
59 protected void configure(AuthenticationManagerBuilder auth) {
60//
61 auth.authenticationProvider(authenticationProvider);
62 }
63
64
65
66}
Note: See TracBrowser for help on using the repository browser.