source: src/main/java/com/example/moviezone/config/WebSecurityConfig.java@ f8ef9bd

Last change on this file since f8ef9bd was eb5426c, checked in by DenicaKj <dkorvezir@…>, 22 months ago

Home Page

  • Property mode set to 100644
File size: 2.5 KB
Line 
1package com.example.moviezone.config;
2
3import org.springframework.beans.factory.annotation.Autowired;
4import org.springframework.context.annotation.Configuration;
5import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
6import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
7import org.springframework.security.config.annotation.web.builders.HttpSecurity;
8import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
9import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
10import org.springframework.security.crypto.password.PasswordEncoder;
11import org.springframework.web.servlet.config.annotation.EnableWebMvc;
12
13
14@Configuration
15@EnableWebSecurity
16@EnableWebMvc
17@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
18public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
19
20 private final PasswordEncoder passwordEncoder;
21 private final CustomUsernamePasswordAuthenticationProvider authenticationProvider;
22
23 public WebSecurityConfig(PasswordEncoder passwordEncoder,
24 CustomUsernamePasswordAuthenticationProvider authenticationProvider) {
25 this.passwordEncoder = passwordEncoder;
26 this.authenticationProvider = authenticationProvider;
27 }
28
29 @Override
30 protected void configure(HttpSecurity http) throws Exception {
31
32 http.csrf().disable()
33 .authorizeRequests()
34 .antMatchers("/","/home/getFilm/**", "/home", "/assets/**", "/register", "/api/**").permitAll()
35 .antMatchers("/admin/**").hasRole("ADMIN")
36 .anyRequest()
37 .authenticated()
38 .and()
39 .formLogin()
40 .loginPage("/login").permitAll()
41 .failureUrl("/login?error=BadCredentials")
42 .defaultSuccessUrl("/products", true)
43 .and()
44 .logout()
45 .logoutUrl("/logout")
46 .clearAuthentication(true)
47 .invalidateHttpSession(true)
48 .deleteCookies("JSESSIONID")
49 .logoutSuccessUrl("/login")
50 .and()
51 .exceptionHandling().accessDeniedPage("/access_denied");
52
53 }
54
55 @Override
56 protected void configure(AuthenticationManagerBuilder auth) {
57//
58 auth.authenticationProvider(authenticationProvider);
59 }
60
61
62
63}
Note: See TracBrowser for help on using the repository browser.