Java tutorial
/******************************************************************************* * Copyright 2015 Brient Oh @ Pristine Core * boh@pristinecore.com * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. *******************************************************************************/ package com.mysample.springbootsample.config; import java.util.EnumSet; import javax.servlet.DispatcherType; import javax.servlet.Filter; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.context.embedded.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; @Configuration @EnableWebMvcSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired @Qualifier("customUserDetailsService") private UserDetailsService customUserDetailsService; @Override protected void configure(HttpSecurity httpSecurity) throws Exception { // Security configuration for H2 console access // !!!! You MUST NOT use this configuration for PRODUCTION site !!!! httpSecurity.authorizeRequests().antMatchers("/console/**").permitAll(); httpSecurity.csrf().disable(); httpSecurity.headers().frameOptions().disable(); // static resources httpSecurity.authorizeRequests() .antMatchers("/css/**", "/js/**", "/images/**", "/resources/**", "/webjars/**").permitAll(); httpSecurity.authorizeRequests().antMatchers("/signin").anonymous().anyRequest().authenticated().and() .formLogin().loginPage("/signin").loginProcessingUrl("/sign-in-process.html") .failureUrl("/signin?error").usernameParameter("username").passwordParameter("password") .defaultSuccessUrl("/admin/dashboard.html", true).and().logout().logoutSuccessUrl("/signin?logout"); httpSecurity.exceptionHandling().accessDeniedPage("/admin/dashboard.html"); httpSecurity.sessionManagement().invalidSessionUrl("/signin"); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(customUserDetailsService); // In case of password encryption - for production site //auth.userDetailsService(customerUserDetailsService).passwordEncoder(passwordEncoder()); } @Bean public FilterRegistrationBean getSpringSecurityFilterChainBindedToError( @Qualifier("springSecurityFilterChain") Filter springSecurityFilterChain) { FilterRegistrationBean registration = new FilterRegistrationBean(); registration.setFilter(springSecurityFilterChain); registration.setDispatcherTypes(EnumSet.allOf(DispatcherType.class)); return registration; } @Bean public PasswordEncoder passwordEncoder() { PasswordEncoder encoder = new BCryptPasswordEncoder(); return encoder; } }