Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @Configuration
- @Autowired
- private UserDetailsServiceImpl userDetailsService;
- @Autowired
- private DataSource dataSource;
- @Bean
- public BCryptPasswordEncoder passwordEncoder() {
- BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
- return bCryptPasswordEncoder;
- }
- @Autowired
- public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
- // Setting Service to find User in the database.
- // And Setting PassswordEncoder
- auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
- }
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable();
- // The pages does not require login
- http.authorizeRequests().antMatchers("/", "/account/login", "/logout","/activation/*","/changemail/*", "/account/reset").permitAll();
- // /userInfo page requires login as ROLE_USER or ROLE_ADMIN.
- // If no login, it will redirect to /login page.
- http.authorizeRequests().antMatchers("/account/dashboard","/store", "/store/*").access("hasAnyRole('ROLE_USER', 'ROLE_ADMIN')");
- // For ADMIN only.
- http.authorizeRequests().antMatchers("/admin").access("hasRole('ROLE_ADMIN')");
- // When the user has logged in as XX.
- // But access a page that requires role YY,
- // AccessDeniedException will be thrown.
- http.authorizeRequests().and().exceptionHandling().accessDeniedPage("/404");
- // Config for Login Form
- http.authorizeRequests().and().formLogin()//
- // Submit URL of login page.
- .loginProcessingUrl("/j_spring_security_check") // Submit URL
- .loginPage("/account/login")//
- .defaultSuccessUrl("/account/dashboard")//
- .failureUrl("/account/login?error=true")//
- .usernameParameter("username")//
- .passwordParameter("password")
- // Config for Logout Page
- .and().logout().logoutUrl("/logout").logoutSuccessUrl("/logoutSuccessful");
- // Config Remember Me.
- http.authorizeRequests().and() //
- .rememberMe().tokenRepository(this.persistentTokenRepository()) //
- .tokenValiditySeconds(1 * 24 * 60 * 60); // 24h
- }
- @Bean
- public PersistentTokenRepository persistentTokenRepository() {
- JdbcTokenRepositoryImpl db = new JdbcTokenRepositoryImpl();
- db.setDataSource(dataSource);
- return db;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement