Java tutorial
/* * To change this license header, choose License Headers in Project Properties. * To change this template file, choose Tools | Templates * and open the template in the editor. */ package ru.langboost.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.password.PasswordEncoder; import ru.langboost.security.SaltedSHA256PasswordEncoder; import ru.langboost.services.user.UserService; import javax.inject.Inject; import java.security.NoSuchAlgorithmException; /** * * @author bad */ @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Inject public void configureGlobal(AuthenticationManagerBuilder auth, UserService userService) throws Exception { // auth.inMemoryAuthentication().withUser("user").password("user").roles("USER"); // auth.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN"); auth.userDetailsService(userService).passwordEncoder(getPasswordEncoder()); } @Override protected void configure(HttpSecurity http) throws Exception { // http.authorizeRequests() // .antMatchers("/protected/**").access("hasRole('ROLE_ADMIN')"); http.csrf().disable();// http.formLogin().loginPage("/login").defaultSuccessUrl("/", false); http.httpBasic().realmName("Protected API"); // http.authorizeRequests().anyRequest(); } @Override public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/resources/**"); } @Bean public PasswordEncoder getPasswordEncoder() throws NoSuchAlgorithmException { return new SaltedSHA256PasswordEncoder("eGwg5hd44"); } @Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } }