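package blankd.acme.pet.licensing.config.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

/**
 * Spring Security configuration for the pet licensing HTTP API.
 *
 * <p>Requests are authenticated with HTTP Basic, no HTTP session is created
 * ({@link SessionCreationPolicy#STATELESS}), and access is decided per URL pattern by
 * the rules declared in {@link #configure(HttpSecurity)}.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated in Spring Security 5.7
 * and removed in 6.0; plan a move to a {@code SecurityFilterChain} bean when upgrading.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Realm name sent in the HTTP Basic challenge. */
    public static final String REALM = "MY_REALM";

    /**
     * Declares the URL authorization rules and the HTTP Basic / stateless session setup.
     *
     * @param http the builder for the application's security filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF protection is switched off for this stateless HTTP Basic API. The original
            // author left a note to research why request methods were restricted around this
            // setting: with CSRF protection enabled, Spring Security rejects state-changing
            // methods (POST, PUT, PATCH, DELETE) that carry no CSRF token.
            // NOTE(review): browsers resend cached Basic credentials automatically, so confirm
            // that no browser-based client uses this API before relying on disabled CSRF.
            .csrf().disable()
            .authorizeRequests()
                // Rules are evaluated in declaration order and the first matching pattern
                // decides, so narrower patterns have to come before broader ones.
                //
                // None of these rules restricts the HTTP method: every permitAll pattern is
                // open for each method the controllers map under it. Verify that no
                // state-changing handler lives under a permitAll pattern.
                //
                // NOTE(review): antMatchers compares the request path with the pattern exactly
                // as written. If Spring MVC in this application also maps a trailing-slash or
                // suffix variant of a protected path to the same handler, that variant is not
                // covered by the narrow rule and is decided by a later, broader one (the
                // permitAll catch-all for /pet/** or the authenticated-only fallback). Confirm
                // the MVC path-matching settings, or consider mvcMatchers, which follows the
                // MVC mapping rules.
                .antMatchers("/license/find/*").permitAll()
                .antMatchers("/license/").permitAll()
                .antMatchers("/license/new").hasAuthority("ADMIN")
                // The ADMIN-only force rule is declared before the single-segment assign rule.
                // In the opposite order the path /license/assign/force itself matched the
                // CLERK-or-ADMIN rule first and never reached the ADMIN-only check.
                .antMatchers("/license/assign/force/**").hasAuthority("ADMIN")
                .antMatchers("/license/assign/*").hasAnyAuthority("CLERK", "ADMIN")
                .antMatchers("/license/delete/**").hasAuthority("ADMIN")
                // NOTE(review): account views are readable without authentication; confirm the
                // response holds no personal data that should require a login.
                .antMatchers("/account/view/*").permitAll()
                .antMatchers("/pet/new").hasAnyAuthority("CLERK", "ADMIN")
                .antMatchers("/pet/*/update").hasAnyAuthority("CLERK", "ADMIN")
                .antMatchers("/pet/*/delete").hasAnyAuthority("CLERK", "ADMIN")
                .antMatchers("/pet/**").permitAll()
                .antMatchers("/account/new").permitAll()
                .antMatchers("/account/**").hasAnyAuthority("CLERK", "ADMIN")
                // Anything not listed above needs a full (non-remember-me) authentication.
                .anyRequest().fullyAuthenticated()
            .and()
            .httpBasic()
                .realmName(REALM)
                .authenticationEntryPoint(getMyEntryPoint())
            .and()
            // No HTTP session is created or used, so credentials travel with every request.
            // NOTE(review): HTTP Basic sends the password base64-encoded, not encrypted;
            // confirm the API is only reachable over TLS.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    /**
     * Exposes the entry point used for the HTTP Basic authentication challenge as a bean.
     *
     * @return a new {@code MyBasicAuthenticationEntryPoint}
     */
    @Bean
    public MyBasicAuthenticationEntryPoint getMyEntryPoint() {
        return new MyBasicAuthenticationEntryPoint();
    }

    /**
     * Excludes every OPTIONS request from the security filter chain.
     *
     * <p>Ignored requests skip all security filters, not only authentication. This is
     * presumably meant for CORS preflight requests; confirm that no handler performs work
     * on OPTIONS. A {@code permitAll()} rule for {@link HttpMethod#OPTIONS} in
     * {@link #configure(HttpSecurity)} would keep the remaining filters in place.
     *
     * @param w the builder for requests that bypass Spring Security
     */
    @Override
    public void configure(WebSecurity w) {
        w.ignoring().antMatchers(HttpMethod.OPTIONS, "/**");
    }
}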