Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- package softuniBlog.config;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.boot.autoconfigure.security.SecurityProperties;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.core.annotation.Order;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.core.userdetails.UserDetailsService;
- import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
- @Configuration
- @EnableGlobalMethodSecurity(prePostEnabled = true)
- @EnableWebSecurity
- @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
- public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
- @Autowired
- private UserDetailsService userDetailsService;
- @Autowired
- public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
- auth.userDetailsService(this.userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
- }
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests()
- .antMatchers("/admin/**").hasRole("ADMIN")
- .anyRequest().permitAll()
- .and()
- .formLogin().loginPage("/login")
- .usernameParameter("email").passwordParameter("password")
- .and()
- .logout().logoutSuccessUrl("/login?logout")
- .and()
- .exceptionHandling().accessDeniedPage("/error/403")
- .and()
- .csrf();
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement