
Revision 57531

new authentication


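--- a/WebSecurityConfig.java
+++ b/WebSecurityConfig.java
@@ -11,6 +11,7 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.access.AccessDeniedHandler;
 
 @Configuration
 @EnableWebSecurity
@@ -19,30 +20,31 @@
 	@Autowired
 	private DataSource dataSource;
 
+	@Autowired
+	private AccessDeniedHandler accessDeniedHandler;
+
 	@Override
 	protected void configure(final HttpSecurity http) throws Exception {
 
-		http.authorizeRequests()
-				.antMatchers("/", "/swagger-ui.html", "/resources/**", "/messages/**").permitAll()
-				.antMatchers("/api/**").fullyAuthenticated()
+		http.csrf().disable()
+				.authorizeRequests()
+				.antMatchers("/", "/api/**").hasAnyRole("USER", "SUPERUSER")
+				.antMatchers("/swagger-ui.html", "/doc", "/resources/**", "/webjars/**").permitAll()
+				.anyRequest().authenticated()
 				.and()
-				.httpBasic()
+				.formLogin()
+				.loginPage("/login")
+				.permitAll()
 				.and()
 				.logout()
-				.logoutSuccessUrl("/messages/logout.html").permitAll()
-				.deleteCookies("auth_code", "JSESSIONID")
-				.clearAuthentication(true)
-				.invalidateHttpSession(true)
+				.permitAll()
 				.and()
-				.csrf().disable();
-
+				.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
 	}
 
 	@Autowired
 	public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
-
-		auth.jdbcAuthentication()
-				.dataSource(dataSource)
+		auth.jdbcAuthentication().dataSource(dataSource)
 				.usersByUsernameQuery("select email, password, valid from users where email=? and valid=true")
 				.authoritiesByUsernameQuery("select email, 'ROLE_'||role from users where email=? and valid=true");
 	}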
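Review bot: CSRF protection stays disabled at `http.csrf().disable()` in `configure` while the same hunk replaces `.httpBasic()` with `.formLogin()`, so `/api/**` is now authorised by a session cookie that a browser attaches to cross-site requests. Start the chain with `http.authorizeRequests()` and leave CSRF at its default, or add a comment explaining why disabling it is safe for this deployment. The new `.logout()` block also drops `.deleteCookies("auth_code", "JSESSIONID")`; if the application still issues an `auth_code` cookie (not visible in this diff), it would survive logout. A short comment on `hasAnyRole("USER", "SUPERUSER")` noting that the `role` column must hold unprefixed values, because `authoritiesByUsernameQuery` prepends `'ROLE_'`, would make that coupling explicit.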
