@Configuration@EnableWebSecuritypublic class ConfigSecurity extends WebSecurit

1. @Configuration
2. @EnableWebSecurity
3. public class ConfigSecurity extends WebSecurityConfigurerAdapter {
4.  
5. @Autowired
6. public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
7. auth
8. .inMemoryAuthentication()
9. .withUser("user").password("password").roles("USER");
10. }
11.  
12.  
13. @Override
14. protected void configure( HttpSecurity http ) throws Exception {
15. http
16.  
17. //.csrf().disable() is commented because i dont want disable this kind of protection
18. .authorizeRequests()
19. .anyRequest().authenticated()
20. .and()
21. .formLogin()
22. .loginPage("/login")
23. .permitAll()
24. .and()
25. .logout()
26. .permitAll();
27. }
28. }
29.  
30. public class InitSecurity extends AbstractSecurityWebApplicationInitializer {
31.  
32. public InicializarSecurity() {
33. super(ConfigSecurity .class);
34.  
35. }
36. }
37.  
38. @EnableWebMvc
39. @ComponentScan(basePackages = {"com.myApp.R10"})
40. @Configuration
41. public class ConfigApp extends WebMvcConfigurerAdapter{
42.  
43. @Override
44. public void addResourceHandlers(ResourceHandlerRegistry registry) {
45. registry.addResourceHandler("/css/**").addResourceLocations("/css/**");
46. registry.addResourceHandler("/img/**").addResourceLocations("/img/**");
47. registry.addResourceHandler("/js/**").addResourceLocations("/js/**");
48. registry.addResourceHandler("/sound/**").addResourceLocations("/sound/**");
49. registry.addResourceHandler("/fonts/**").addResourceLocations("/fonts/**");
50. }
51.  
52. @Override
53. public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
54. configurer.enable();
55. }
56.  
57. @Bean
58. public MessageSource messageSource() {
59. ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource();
60. messageSource.setBasenames("classpath:messages/messages");
61. messageSource.setUseCodeAsDefaultMessage(true);
62. messageSource.setDefaultEncoding("UTF-8");
63. messageSource.setCacheSeconds(0);// # -1 : never reload, 0 always reload
64. return messageSource;
65. }
66. // THYMELEAF
67.  
68. @Bean
69. public ServletContextTemplateResolver templateResolver() {
70. ServletContextTemplateResolver resolver = new ServletContextTemplateResolver();
71. resolver.setPrefix("/WEB-INF/views/pagLogin/");
72. resolver.setSuffix(".html");
73. resolver.setTemplateMode("HTML5");
74. resolver.setOrder(0);
75. resolver.setCacheable(false);
76. return resolver;
77. }
78.  
79. @Bean
80. public SpringTemplateEngine templateEngine() {
81. SpringTemplateEngine engine = new SpringTemplateEngine();
82. engine.setTemplateResolver( templateResolver() );
83. engine.setMessageSource( messageSource() );
84.  
85.  
86.  
87. return engine;
88. }
89.  
90. @Bean
91. public ThymeleafViewResolver thymeleafViewResolver() {
92. ThymeleafViewResolver resolver = new ThymeleafViewResolver();
93.  
94. resolver.setTemplateEngine( templateEngine() );
95. resolver.setOrder(1);
96.  
97. resolver.setCache( false );
98. return resolver;
99. }
100.  
101. @Bean
102. public SpringResourceTemplateResolver thymeleafSpringResource() {
103. SpringResourceTemplateResolver vista = new SpringResourceTemplateResolver();
104. vista.setTemplateMode("HTML5");
105. return vista;
106. }
107. }
108.  
109. public class InicializarApp extends AbstractAnnotationConfigDispatcherServletInitializer {
110.  
111. @Override
112. protected Class<?>[] getRootConfigClasses() {
113. return null;
114. }
115. @Override
116. protected Class<?>[] getServletConfigClasses() {
117. return new Class[] { ConfigApp .class };
118. }
119.  
120. @Override
121. protected String[] getServletMappings() {
122. return new String[]{"/"};
123. }
124.  
125. @Override
126. protected Filter[] getServletFilters() {
127. return new Filter[] { new HiddenHttpMethodFilter() };
128. }
129. }
130.  
131. @Controller
132. public class ControllerLogin {
133.  
134.  
135.  
136. @RequestMapping(value = "/login", method = RequestMethod.GET)
137. public String pageLogin(Model model) {
138.  
139.  
140.  
141. return "login";
142. }
143.  
144. @Controller
145. public class HomeController {
146.  
147. @RequestMapping(value = "/", method = RequestMethod.GET)
148. public String home(Model model) {
149.  
150.  
151. return "home";
152. }
153.  
154.  
155. }
156.  
157. <html xmlns:th="http://www.thymeleaf.org" xmlns:tiles="http://www.thymeleaf.org">
158. <head>
159. <title tiles:fragment="title">Messages : Create</title>
160. </head>
161. <body>
162. <div tiles:fragment="content">
163. <form name="f" th:action="@{/login}" method="post">
164. <fieldset>
165. <legend>Please Login</legend>
166. <div th:if="${param.error}" class="alert alert-error">
167. Invalid username and password.
168. </div>
169. <div th:if="${param.logout}" class="alert alert-success">
170. You have been logged out.
171. </div>
172.  
173. <label for="username">Username</label>
174. <input type="text" id="username" name="username"/>
175. <label for="password">Password</label>
176. <input type="password" id="password" name="password"/>
177.  
178. <div class="form-actions">
179. <button type="submit" class="btn">Log in</button>
180. </div>
181.  
182. <!-- THIS IS COMMENTED it dont work beacuse i am already using thymeleaf <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/> -->
183.  
184.  
185. </fieldset>
186. </form>
187. </div>
188.  
189.  
190. </body>
191. </html>
192.  
193. <form name="f" th:action="@{/login}" method="post">
194. <fieldset>
195. <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />
196. ...
197. </fieldset>
198. </form>
199.  
200. <dependency>
201. <groupId>org.thymeleaf.extras</groupId>
202. <artifactId>thymeleaf-extras-springsecurity3</artifactId>
203. <version>2.1.2.RELEASE</version>
204. </dependency>
205.  
206. import org.thymeleaf.extras.springsecurity3.dialect.SpringSecurityDialect;
207. templateEngine.addDialect(new SpringSecurityDialect()); //add this line in your config