/*
 * Copyright (c) 2016 Prasenjit Purohit
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package net.prasenjit.auth.config;

import net.prasenjit.auth.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

/**
 * Spring Security configuration for the application: wires the user store and
 * password encoder into authentication, lists the paths that skip the security
 * filter chain, and defines CSRF, form-login, logout and access rules for
 * everything else.
 *
 * <p>Created by PRASEN on 4/3/2016.
 *
 * @author PRASEN
 * @version $Id: $Id
 */
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserService userService;

    // NOTE(review): the hashing algorithm is decided by the PasswordEncoder bean
    // defined elsewhere; confirm it is an adaptive hash (e.g. BCrypt) and not a
    // plain digest.
    @Autowired
    private PasswordEncoder passwordEncoder;

    // One handler object is reused for access-denied, entry-point, login
    // success/failure and logout-success callbacks (see configure(HttpSecurity)).
    @Autowired
    private CustomAjaxAwareHandler ajaxAwareHandler;

    /**
     * Registers {@code userService} as the source of user details and
     * {@code passwordEncoder} as the encoder used to verify submitted passwords.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService)
                .passwordEncoder(passwordEncoder);
    }

    /**
     * Excludes static front-end resources from the security filter chain.
     *
     * <p>Requests matching these patterns are not processed by any Spring
     * Security filter, so none of the rules in {@link #configure(HttpSecurity)}
     * (CSRF, authentication, session handling) apply to them. The list should
     * therefore only ever contain static, non-sensitive content.
     *
     * @param web builder for the web-level security settings
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers("/webjars/**", "/partials/**", "/", "/index.html");
    }

    /**
     * Defines CSRF handling, error handling, form login, logout and URL access
     * rules for every request that is not excluded in
     * {@link #configure(WebSecurity)}.
     *
     * @param http builder for the HTTP security filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //@formatter:off
        // CSRF stays enabled; the token lives in the HTTP session and is
        // expected back in the header configured by csrfTokenRepository().
        http.csrf()
                .csrfTokenRepository(csrfTokenRepository());

        // Denied and unauthenticated requests are both answered by the
        // AJAX-aware handler rather than the framework defaults.
        http.exceptionHandling()
                .accessDeniedHandler(ajaxAwareHandler)
                .authenticationEntryPoint(ajaxAwareHandler);

        // The login page is open to everyone; credentials are posted to
        // /api/login and the outcome is reported by the same handler.
        http.formLogin()
                .loginPage("/login").permitAll()
                .loginProcessingUrl("/api/login")
                .successHandler(ajaxAwareHandler)
                .failureHandler(ajaxAwareHandler);

        // Logout invalidates the HTTP session so the session id cannot be reused.
        http.logout()
                .logoutUrl("/api/logout")
                .logoutSuccessHandler(ajaxAwareHandler)
                .invalidateHttpSession(true)
                .permitAll();

        // PUT /api/user is reachable only by callers that are NOT logged in
        // (presumably self-registration; confirm against the controller).
        // It is an unauthenticated state-changing endpoint, so input validation
        // and abuse controls must be enforced by the controller/service; none
        // are configured here. Every other request requires authentication.
        http.authorizeRequests()
                .antMatchers(HttpMethod.PUT, "/api/user").anonymous()
                .anyRequest().authenticated();

        // Runs right after the CSRF filter. NOTE(review): the filter class is
        // not shown here; by its name it publishes the CSRF token as a cookie
        // for the client. Confirm in CsrfCookieGeneratorFilter.
        http.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class);
        //@formatter:on
    }

    /**
     * Builds the session-backed CSRF token repository, configured to read the
     * token from the {@code X-XSRF-TOKEN} request header.
     *
     * @return the repository used by the CSRF filter
     */
    private HttpSessionCsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setHeaderName("X-XSRF-TOKEN");
        return repository;
    }
}