Java tutorial
/* * The GNU General Public Licence * * Copyright (c) 2016 by Volodymyr Fedorchuk <vl.fedorchuck@gmail.com> * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * * @license GPL-3.0+ <http://spdx.org/licenses/GPL-3.0+> */ package com.github.fedorchuck.webstore.config; import com.github.fedorchuck.webstore.accountservice.AccountDetailsServiceImpl; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.encoding.ShaPasswordEncoder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private AccountDetailsServiceImpl userDetailsService; @Autowired public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception { auth // .inMemoryAuthentication() // .withUser("user").password("password").roles("USER"); .userDetailsService(userDetailsService); // .passwordEncoder(getShaPasswordEncoder()); } @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().authorizeRequests().antMatchers("/resources/**", "/**").permitAll().anyRequest() .permitAll().and(); http.formLogin().loginPage("/login").loginProcessingUrl("/j_spring_security_check") .failureUrl("/login?error").usernameParameter("j_username").passwordParameter("j_password") .permitAll(); http.logout().permitAll().logoutUrl("/user/logout")//.logoutUrl("/logout") .logoutSuccessUrl("/user/authorize")//.logoutSuccessUrl("/login?logout") .invalidateHttpSession(true); } @Bean public ShaPasswordEncoder getShaPasswordEncoder() { return new ShaPasswordEncoder(); } }