source: src/main/java/com/example/moviezone/config/WebSecurityConfig.java@ 7926d68

Last change on this file since 7926d68 was 7926d68, checked in by DenicaKj <dkorvezir@…>, 21 months ago

Profiles for user and worker

  • Property mode set to 100644
File size: 2.8 KB
Line 
1package com.example.moviezone.config;
2
3import org.springframework.beans.factory.annotation.Autowired;
4import org.springframework.context.annotation.Configuration;
5import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
6import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
7import org.springframework.security.config.annotation.web.builders.HttpSecurity;
8import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
9import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
10import org.springframework.security.crypto.password.PasswordEncoder;
11import org.springframework.web.servlet.config.annotation.EnableWebMvc;
12
13
14@Configuration
15@EnableWebSecurity
16@EnableWebMvc
17@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
18public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
19
20 private final PasswordEncoder passwordEncoder;
21 private final CustomUsernamePasswordAuthenticationProvider authenticationProvider;
22
23 public WebSecurityConfig(PasswordEncoder passwordEncoder,
24 CustomUsernamePasswordAuthenticationProvider authenticationProvider) {
25 this.passwordEncoder = passwordEncoder;
26 this.authenticationProvider = authenticationProvider;
27 }
28
29 @Override
30 protected void configure(HttpSecurity http) throws Exception {
31
32 http.csrf().disable()
33 .authorizeRequests()
34 .antMatchers("/","/films","/home/projections","/home/events","/home/getProjections/**","/home/films","/home/getFilm/**","/getFilm/**","/home/getEvent/**","/getEvent/**","/login","/events","/projections" ,"/home", "/assets/**", "/register", "/api/**").permitAll()
35 .antMatchers("/home/getSeats/**","/myTickets","/home/addRating/**","/addRating/**","/getProjection/**","/home/makeReservation","/profileUser").hasRole("USER")
36 .antMatchers("/**").hasRole("ADMIN")
37 .anyRequest()
38 .authenticated()
39 .and()
40 .formLogin()
41 .loginPage("/login").permitAll()
42 .failureUrl("/login?error=BadCredentials")
43 .defaultSuccessUrl("/home", true)
44 .and()
45 .logout()
46 .logoutUrl("/logout")
47 .clearAuthentication(true)
48 .invalidateHttpSession(true)
49 .deleteCookies("JSESSIONID")
50 .logoutSuccessUrl("/login")
51 .and()
52 .exceptionHandling().accessDeniedPage("/access_denied");
53
54 }
55
56 @Override
57 protected void configure(AuthenticationManagerBuilder auth) {
58//
59 auth.authenticationProvider(authenticationProvider);
60 }
61
62
63
64}
Note: See TracBrowser for help on using the repository browser.