1 | package edu.gjoko.schedlr.config;
|
---|
2 |
|
---|
3 | import edu.gjoko.schedlr.services.PostgresUserDetailsService;
|
---|
4 | import org.springframework.context.annotation.Bean;
|
---|
5 | import org.springframework.context.annotation.Configuration;
|
---|
6 | import org.springframework.security.authentication.AuthenticationManager;
|
---|
7 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
---|
8 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
---|
9 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
---|
10 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
---|
11 | import org.springframework.security.config.core.GrantedAuthorityDefaults;
|
---|
12 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
---|
13 | import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
---|
14 | import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
---|
15 |
|
---|
16 | @Configuration
|
---|
17 | @EnableWebSecurity
|
---|
18 | public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
|
---|
19 |
|
---|
20 | private final PostgresUserDetailsService userDetailsService;
|
---|
21 |
|
---|
22 | private final BCryptPasswordEncoder passwordEncoder;
|
---|
23 |
|
---|
24 | private final AuthenticationSuccessHandler authenticationSuccessHandler;
|
---|
25 |
|
---|
26 | public AppSecurityConfig(PostgresUserDetailsService userDetailsService, BCryptPasswordEncoder passwordEncoder,
|
---|
27 | AuthenticationSuccessHandler authenticationSuccessHandler) {
|
---|
28 | this.userDetailsService = userDetailsService;
|
---|
29 | this.passwordEncoder = passwordEncoder;
|
---|
30 | this.authenticationSuccessHandler = authenticationSuccessHandler;
|
---|
31 | }
|
---|
32 |
|
---|
33 | @Bean
|
---|
34 | public AuthenticationManager customAuthenticationManager() throws Exception {
|
---|
35 | return authenticationManager();
|
---|
36 | }
|
---|
37 |
|
---|
38 | @Override
|
---|
39 | protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
---|
40 | auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
|
---|
41 | }
|
---|
42 |
|
---|
43 | @Override
|
---|
44 | protected void configure(HttpSecurity http) throws Exception {
|
---|
45 | http.csrf()
|
---|
46 | .disable()
|
---|
47 | .authorizeRequests()
|
---|
48 | .antMatchers("/login*").permitAll()
|
---|
49 | .antMatchers("/register_customer").permitAll()
|
---|
50 | .antMatchers("/register_business").permitAll()
|
---|
51 | .antMatchers("/css/**").permitAll()
|
---|
52 | .antMatchers("/anonymous*").anonymous()
|
---|
53 | .anyRequest()
|
---|
54 | .fullyAuthenticated()
|
---|
55 | .and()
|
---|
56 | .httpBasic()
|
---|
57 | .authenticationEntryPoint(new AppAuthenticationEntryPoint())
|
---|
58 | .and()
|
---|
59 | .addFilterBefore(new AppFilter(), BasicAuthenticationFilter.class)
|
---|
60 | .formLogin()
|
---|
61 | .loginPage("/login")
|
---|
62 | .loginProcessingUrl("/login")
|
---|
63 | .successHandler(authenticationSuccessHandler);
|
---|
64 | }
|
---|
65 | }
|
---|