
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package hr.foi.sis.conf;

import com.allanditzel.springframework.security.web.csrf.CsrfTokenResponseHeaderBindingFilter;
import hr.foi.sis.services.PersonDetailsService;
import org.jboss.logging.Param;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.stereotype.Component;

/**
 *
 * @author paz
 */
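/**
 * Spring Security configuration for the application.
 *
 * <p>Registers the PBKDF2-based {@code authenticationProvider} with the global
 * authentication manager and defines the HTTP security rules: session
 * concurrency, URL authorization, form login, logout, access-denied handling
 * and the X-XSS-Protection header. {@code prePostEnabled = true} additionally
 * turns on {@code @PreAuthorize}/{@code @PostAuthorize} checks on service
 * methods.
 *
 * @author paz
 */
@Component
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ConfSecurity extends WebSecurityConfigurerAdapter {

    /** Provider that verifies submitted credentials; injected by Spring. */
    @Autowired
    PBKDF2AuthProvider authenticationProvider;

    /**
     * Registers the PBKDF2 authentication provider with the global
     * {@link AuthenticationManagerBuilder}, so every authentication request is
     * routed through it.
     *
     * @param auth the builder Spring passes in during context start-up
     * @throws Exception propagated from the builder
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }

    /**
     * Configures HTTP-level security.
     *
     * <p>Only the paths listed in the authorization section are constrained.
     * There is no {@code anyRequest()} rule, so any URL not listed here is
     * reachable without authentication; add a catch-all rule if new protected
     * pages are introduced.
     *
     * @param http the builder Spring passes in
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // At most one concurrent session per principal.
        http.sessionManagement().maximumSessions(1);

        // NOTE(review): CSRF protection is switched off for the whole
        // application while form login and server-side sessions are in use, so
        // every state-changing request (login, logout, registration forms) is
        // open to cross-site request forgery; with CSRF off, /logout also
        // accepts plain GET. Prefer keeping it enabled and delivering the token
        // to the pages (e.g. the CsrfTokenResponseHeaderBindingFilter that is
        // imported in this file) rather than disabling it.
        http.csrf().disable();

        // URL authorization. The duplicate permitAll for /register.html was
        // dropped. Ant patterns must start with '/' to match a servlet path,
        // so the former "spring-security.css" (no slash) never matched; the
        // stylesheet was only served because no catch-all rule exists.
        http.authorizeRequests()
                .antMatchers("/admin-page.html").access("hasRole('ROLE_ADMIN')")
                .antMatchers("/user-page.html").access("isAuthenticated()")
                .antMatchers("/index.html", "/register.html", "/spring-security.css").permitAll();

        // Form login: custom login page, failure and post-login landing pages.
        http.formLogin()
                .loginPage("/login.html")
                .usernameParameter("username")
                .passwordParameter("password")
                .failureUrl("/login-error.html")
                .defaultSuccessUrl("/user-page.html");

        // Logout endpoint and the page shown afterwards.
        http.logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/index.html");

        // Page shown when an authenticated user lacks the required role.
        // (The path spelling is kept as-is; it must match the actual resource.)
        http.exceptionHandling()
                .accessDeniedPage("/acces-denied-page.html");

        // Emit the X-XSS-Protection response header.
        http.headers().xssProtection();
    }
}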