Advertisement
Guest User

Untitled

a guest
Jun 18th, 2019
85
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.34 KB | None | 0 0
  1. @Configuration
  2.  
  3. @Autowired
  4. private UserDetailsServiceImpl userDetailsService;
  5.  
  6. @Autowired
  7. private DataSource dataSource;
  8.  
  9.  
  10. @Bean
  11. public BCryptPasswordEncoder passwordEncoder() {
  12. BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
  13. return bCryptPasswordEncoder;
  14. }
  15.  
  16. @Autowired
  17. public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
  18.  
  19. // Setting Service to find User in the database.
  20. // And Setting PassswordEncoder
  21. auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
  22.  
  23.  
  24. }
  25.  
  26. @Override
  27. protected void configure(HttpSecurity http) throws Exception {
  28.  
  29. http.csrf().disable();
  30.  
  31. // The pages does not require login
  32. http.authorizeRequests().antMatchers("/", "/account/login", "/logout","/activation/*","/changemail/*", "/account/reset").permitAll();
  33.  
  34. // /userInfo page requires login as ROLE_USER or ROLE_ADMIN.
  35. // If no login, it will redirect to /login page.
  36. http.authorizeRequests().antMatchers("/account/dashboard","/store", "/store/*").access("hasAnyRole('ROLE_USER', 'ROLE_ADMIN')");
  37.  
  38. // For ADMIN only.
  39. http.authorizeRequests().antMatchers("/admin").access("hasRole('ROLE_ADMIN')");
  40.  
  41. // When the user has logged in as XX.
  42. // But access a page that requires role YY,
  43. // AccessDeniedException will be thrown.
  44. http.authorizeRequests().and().exceptionHandling().accessDeniedPage("/404");
  45.  
  46. // Config for Login Form
  47. http.authorizeRequests().and().formLogin()//
  48. // Submit URL of login page.
  49. .loginProcessingUrl("/j_spring_security_check") // Submit URL
  50. .loginPage("/account/login")//
  51. .defaultSuccessUrl("/account/dashboard")//
  52. .failureUrl("/account/login?error=true")//
  53. .usernameParameter("username")//
  54. .passwordParameter("password")
  55. // Config for Logout Page
  56. .and().logout().logoutUrl("/logout").logoutSuccessUrl("/logoutSuccessful");
  57.  
  58. // Config Remember Me.
  59. http.authorizeRequests().and() //
  60. .rememberMe().tokenRepository(this.persistentTokenRepository()) //
  61. .tokenValiditySeconds(1 * 24 * 60 * 60); // 24h
  62.  
  63. }
  64.  
  65. @Bean
  66. public PersistentTokenRepository persistentTokenRepository() {
  67. JdbcTokenRepositoryImpl db = new JdbcTokenRepositoryImpl();
  68. db.setDataSource(dataSource);
  69. return db;
  70. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement