Java tutorial
/* * Copyright (C) 2016 Federico Tello Gentile <federicotg@gmail.com> * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ package org.fede.calculator.web; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; import org.springframework.context.support.PropertySourcesPlaceholderConfigurer; import org.springframework.security.authentication.encoding.ShaPasswordEncoder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; /** * * @author Federico Tello Gentile <federicotg@gmail.com> */ @Configuration @EnableWebSecurity @PropertySource("classpath:security.properties") public class SecurityConfig extends WebSecurityConfigurerAdapter { @Value("${username}") private String username; @Value("${password}") private String password; @Value("${roles}") private String roles; @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/secure/**").access("isFullyAuthenticated()").and().formLogin() .loginPage("/loginPage").loginProcessingUrl("/login").and().headers().contentTypeOptions().disable() .and().logout().logoutUrl("/logout").logoutSuccessUrl("/").invalidateHttpSession(true).and() .rememberMe().useSecureCookie(true); } @Override protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception { authManagerBuilder.inMemoryAuthentication().passwordEncoder(new ShaPasswordEncoder(512)) .withUser(this.username).password(this.password).roles(this.roles); } @Bean public static PropertySourcesPlaceholderConfigurer placeHolderConfigurer() { return new PropertySourcesPlaceholderConfigurer(); } }