Java tutorial
/* * This file is part of blog (https://github.com/jens-meiss/blog). * * blog is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * blog is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with blog. If not, see <http://www.gnu.org/licenses/>. */ package com.github.jens_meiss.blog.configuration; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.security.SecurityProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.web.servlet.ViewResolver; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.web.servlet.view.InternalResourceViewResolver; import com.github.jens_meiss.blog.web.blog.BlogRequest; import com.github.jens_meiss.blog.web.dashboard.DashboardRequest; import com.github.jens_meiss.blog.web.home.HomeRequest; import com.github.jens_meiss.blog.web.user.UserController; import com.github.jens_meiss.blog.web.user.UserRequest; /** * The Class BlogWebSecurityAdapter. */ @Configuration @EnableWebMvcSecurity public class BlogWebSecurityAdapter extends WebMvcConfigurerAdapter { /** * The Class ApplicationSecurity. */ @Configuration @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter { /** The security. */ @Autowired private SecurityProperties security; /** The user controller. */ @Autowired private UserController userController; @Override protected void configure(final HttpSecurity http) throws Exception { http.authenticationProvider(userController); http.userDetailsService(userController); http.sessionManagement().sessionAuthenticationErrorUrl("/login"); http.sessionManagement().invalidSessionUrl("/"); http.sessionManagement().maximumSessions(1); http.authorizeRequests().antMatchers("/resources/css/**").permitAll() .antMatchers("/" + HomeRequest.HOME).permitAll().antMatchers("/" + UserRequest.USER_LOGIN) .permitAll().antMatchers("/" + UserRequest.USER_LOGIN_VALIDATE).permitAll() .antMatchers("/" + UserRequest.USER_LOGOUT).permitAll() .antMatchers("/" + UserRequest.USER_LOGOUT_SUCESSFULLY).permitAll() .antMatchers("/" + UserRequest.USER_ADD).permitAll() .antMatchers("/" + UserRequest.USER_ADD_VALIDATE).permitAll() .antMatchers("/" + BlogRequest.BLOG + "/**").permitAll().antMatchers("/error").permitAll() .anyRequest().authenticated(); http.formLogin().loginPage("/" + UserRequest.USER_LOGIN); http.formLogin().defaultSuccessUrl("/" + DashboardRequest.DASHBOARD, false); http.formLogin().failureUrl("/" + UserRequest.USER_LOGIN + "?error"); http.formLogin().loginProcessingUrl("/" + UserRequest.USER_LOGIN_VALIDATE); http.formLogin().passwordParameter("password"); http.formLogin().usernameParameter("username"); http.formLogin().permitAll(); http.logout().invalidateHttpSession(true); http.logout().logoutUrl("/" + UserRequest.USER_LOGOUT); http.logout().logoutSuccessUrl("/" + UserRequest.USER_LOGOUT_SUCESSFULLY); http.logout().deleteCookies("JSESSIONID"); http.logout().permitAll(); http.csrf(); } @Override public UserDetailsService userDetailsServiceBean() throws Exception { return userController; } } @Override public void addResourceHandlers(final ResourceHandlerRegistry registry) { registry.addResourceHandler("/resources/**").addResourceLocations("/resources/"); } @Override public void addViewControllers(final ViewControllerRegistry registry) { registry.addViewController("/login").setViewName("/login"); } /** * Gets the bcrypt encoder. * * @return the bcrypt encoder */ @Bean public BCryptPasswordEncoder getBcryptEncoder() { return new BCryptPasswordEncoder(); } /** * Gets the view resolver. * * @return the view resolver */ @Bean public ViewResolver getViewResolver() { final InternalResourceViewResolver resolver = new InternalResourceViewResolver(); resolver.setPrefix("/WEB-INF/views/"); resolver.setSuffix(".jsp"); return resolver; } }