Revision 57531
Added by Michele Artini over 4 years ago
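--- a/WebSecurityConfig.java
+++ b/WebSecurityConfig.java
@@ -11,6 +11,7 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.access.AccessDeniedHandler;
 
 @Configuration
 @EnableWebSecurity
@@ -19,30 +20,31 @@
 @Autowired
 private DataSource dataSource;
 
+@Autowired
+private AccessDeniedHandler accessDeniedHandler;
+
 @Override
 protected void configure(final HttpSecurity http) throws Exception {
 
-http.authorizeRequests()
-.antMatchers("/", "/swagger-ui.html", "/resources/**", "/messages/**").permitAll()
-.antMatchers("/api/**").fullyAuthenticated()
+http.csrf().disable()
+.authorizeRequests()
+.antMatchers("/", "/api/**").hasAnyRole("USER", "SUPERUSER")
+.antMatchers("/swagger-ui.html", "/doc", "/resources/**", "/webjars/**").permitAll()
+.anyRequest().authenticated()
 .and()
-.httpBasic()
+.formLogin()
+.loginPage("/login")
+.permitAll()
 .and()
 .logout()
-.logoutSuccessUrl("/messages/logout.html").permitAll()
-.deleteCookies("auth_code", "JSESSIONID")
-.clearAuthentication(true)
-.invalidateHttpSession(true)
+.permitAll()
 .and()
-.csrf().disable();
-
+.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
 }
 
 @Autowired
 public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
-
-auth.jdbcAuthentication()
-.dataSource(dataSource)
+auth.jdbcAuthentication().dataSource(dataSource)
 .usersByUsernameQuery("select email, password, valid from users where email=? and valid=true")
 .authoritiesByUsernameQuery("select email, 'ROLE_'||role from users where email=? and valid=true");
 }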
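Review bot: `http.csrf().disable()` is kept at the head of the new chain in `configure` even though this commit replaces `httpBasic()` with `formLogin()`, so authentication now rides on a session cookie that the browser attaches automatically, and a cross-site request to `/api/**` would be accepted as the logged-in user. I would drop the call so the chain starts `http.authorizeRequests()` and make sure the `/login` template posts the CSRF token; if non-browser API clients need an exemption, scope it with `csrf().ignoringAntMatchers(...)` instead of turning protection off globally. With CSRF disabled, Spring Security also allows `/logout` to be triggered by a plain GET. Separately, the logout block no longer calls `deleteCookies("auth_code", "JSESSIONID")`; session invalidation is still the default, but if an `auth_code` cookie is still issued elsewhere (not visible here) it will now survive logout.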
new authentication