Java tutorial
/* * To change this license header, choose License Headers in Project Properties. * To change this template file, choose Tools | Templates * and open the template in the editor. */ package com.pegawai.app; import javax.sql.DataSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; /** * * @author adrian */ @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private DataSource dataSource; @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.jdbcAuthentication().dataSource(dataSource) .usersByUsernameQuery("select username, password, 'true' enabled from pegawai where username = ?") .authoritiesByUsernameQuery("select username, role as authority from pegawai where username = ?"); } protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().authorizeRequests().antMatchers("/assets/**").permitAll().antMatchers("/jabatan/**") .hasAuthority("ADM").antMatchers("/pegawai/**").hasAuthority("OPR").anyRequest().authenticated() .and().logout().logoutUrl("/logout").logoutSuccessUrl("/login").and().formLogin() .loginPage("/login").defaultSuccessUrl("/index", true).permitAll(); } }