Java tutorial
/* * To change this license header, choose License Headers in Project Properties. * To change this template file, choose Tools | Templates * and open the template in the editor. */ package com.example.config; import com.example.server.user.CustomUserDetailsService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.security.SecurityProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; /** * * @author User */ @Configuration @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired CustomUserDetailsService customUserDetailsService; @Autowired PasswordEncoder encoder; @Bean public TokenBasedRememberMeServices rememberMeServices() { return new TokenBasedRememberMeServices("remember-me-key", customUserDetailsService); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.eraseCredentials(true).userDetailsService(customUserDetailsService).passwordEncoder(encoder); } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/", "/favicon.ico", "/resources/**", "/signup").permitAll() .anyRequest().authenticated().and().formLogin().loginPage("/signin").permitAll() .failureUrl("/signin?error=1").loginProcessingUrl("/authenticate").and().logout() .logoutUrl("/logout").permitAll().logoutSuccessUrl("/signin?logout").and().rememberMe() .rememberMeServices(rememberMeServices()).key("remember-me-key"); } }