Java tutorial
/* * To change this license header, choose License Headers in Project Properties. * To change this template file, choose Tools | Templates * and open the template in the editor. */ package org.fon.documentmanagementsystem.config.security; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; /** * * @author Vukasin */ @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private CustomUserDetailsService customUserDetailsService; @Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(customUserDetailsService); } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/resources/**").permitAll().antMatchers("/subsystems/**") .hasAuthority("SUPERADMIN").antMatchers("/admins/adm/**").hasAuthority("SUPERADMIN") .antMatchers("/admins/usr/**").hasAuthority("ADMIN").antMatchers("/processes/adm/**") .hasAuthority("ADMIN").antMatchers("/processes/usr/**").hasAuthority("USER") .antMatchers("/documenttypes/**").hasAuthority("ADMIN").antMatchers("/activity/adm/**") .hasAuthority("ADMIN").antMatchers("/activity/user/**").hasAuthority("USER") .antMatchers("/documents/**").hasAuthority("USER") // .antMatchers("/api/processes/**").hasAuthority("ADMIN") // .antMatchers("/api/processes/**").hasAuthority("USER") .anyRequest().authenticated().and().exceptionHandling().accessDeniedPage("/403").and().formLogin() .loginPage("/login").permitAll().and().logout().logoutUrl("/logout").logoutSuccessUrl("/login") .and().csrf().disable(); } }