Java tutorial
/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
package cz.sohlich.workstack;

import cz.sohlich.workstack.security.MongoUserDetailService;
import cz.sohlich.workstack.security.StatelessAuthenticationFilter;
import cz.sohlich.workstack.security.StatelessLoginFilter;
import cz.sohlich.workstack.security.TokenAuthenticationService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * Spring Security configuration for token-based authentication.
 *
 * <p>Users are looked up through {@link MongoUserDetailService} and passwords are
 * checked with BCrypt. Two custom filters are placed ahead of
 * {@link UsernamePasswordAuthenticationFilter}: a login filter bound to
 * {@code /security/login} and a filter that receives the
 * {@link TokenAuthenticationService}.
 *
 * @author radek
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    MongoUserDetailService userDetailService;

    // NOTE(review): this class also publishes the AuthenticationManager bean
    // (authenticationManagerBean below) and injects it into itself here; confirm
    // the container resolves this without a circular-reference problem.
    @Autowired
    AuthenticationManager authenticationManager;

    @Autowired
    TokenAuthenticationService tokenAuthenticationService;

    /**
     * Registers the Mongo-backed user details service and a BCrypt password encoder.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // A default-constructed encoder uses the library's default work factor.
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        auth.userDetailsService(userDetailService).passwordEncoder(encoder);
    }

    /**
     * Exposes the parent's {@link AuthenticationManager} as a bean so it can be injected.
     *
     * @return the authentication manager built by the parent adapter
     * @throws Exception if the parent cannot provide the manager
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Defines the HTTP security rules and installs the login and token filters.
     *
     * @param http the security builder to configure
     * @throws Exception if any configurer fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is switched off. That is only safe while browsers never
        // attach credentials automatically (no cookie or session based auth).
        // NOTE(review): no sessionManagement() policy is set in this method, so
        // confirm that no server-side session ends up carrying the authentication.
        http.csrf().disable();

        http.exceptionHandling();
        http.anonymous();
        http.servletApi();

        // NOTE(review): depending on the Spring Security version, naming
        // cacheControl() explicitly may restrict the written headers to
        // cache-control only; confirm the other default security headers
        // are still emitted.
        http.headers().cacheControl();

        // Only these two patterns carry a rule. There is no anyRequest() entry,
        // so every other path is left without an authorization rule.
        // NOTE(review): consider an explicit default for unmatched requests.
        http.authorizeRequests()
                .antMatchers("/api/task/**").authenticated()
                .antMatchers(HttpMethod.POST, "/security/login").permitAll();

        // Both custom filters are inserted before UsernamePasswordAuthenticationFilter,
        // login filter first, in the same order as they are registered here.
        StatelessLoginFilter loginFilter = new StatelessLoginFilter(
                "/security/login",
                tokenAuthenticationService,
                userDetailService,
                authenticationManager);
        http.addFilterBefore(loginFilter, UsernamePasswordAuthenticationFilter.class);

        StatelessAuthenticationFilter tokenFilter =
                new StatelessAuthenticationFilter(tokenAuthenticationService);
        http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);

        // No custom authenticationEntryPoint and no formLogin() are configured here.
    }
}