com.ucrisko.libroomreserve.config.WebSecurityConfig.java Source code

Java tutorial

  1. HOME
  2. Java
  3. com.ucrisko.libroomreserve.config.WebSecurityConfig.java

Introduction

Here is the source code for com.ucrisko.libroomreserve.config.WebSecurityConfig.java

Source

/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */

package com.ucrisko.libroomreserve.config;

import javax.sql.DataSource;
import javax.ws.rs.HttpMethod;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    DataSource dataSource;

    @Autowired
    AuthenticationFailure authFailure;

    @Autowired
    AuthenticationSuccess authSuccess;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                //.antMatchers(HttpMethod.GET, "/users").authenticated()
                .anyRequest().permitAll().and().formLogin().loginPage("/signin").successHandler(authSuccess)
                .failureHandler(authFailure).and().logout().permitAll().and()
                .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class).csrf()
                .csrfTokenRepository(csrfTokenRepository());
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("password").roles("USER").and().withUser("cpuzzuol")
                .password("epthnw2y").roles("ADMIN", "USER");

        /*
          auth
        .jdbcAuthentication()
            .dataSource(dataSource)
            .usersByUsernameQuery("SELECT userName FROM user WHERE userName=?")
            .authoritiesByUsernameQuery("SELECT userName FROM user WHERE userName=?");
          */
    }

    private CsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setHeaderName("X-XSRF-TOKEN");
        return repository;
    }
}