Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http
- .csrf()
- .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
- .and()
- .addFilterBefore(corsFilter, CsrfFilter.class)
- .exceptionHandling()
- .authenticationEntryPoint(problemSupport)
- .accessDeniedHandler(problemSupport)
- .and()
- .rememberMe()
- .rememberMeServices(rememberMeServices)
- .rememberMeParameter("remember-me")
- .key(jHipsterProperties.getSecurity().getRememberMe().getKey())
- .and()
- .formLogin()
- .loginProcessingUrl("/api/authentication")
- .successHandler(ajaxAuthenticationSuccessHandler())
- .failureHandler(ajaxAuthenticationFailureHandler())
- .usernameParameter("j_username")
- .passwordParameter("j_password")
- .permitAll()
- .and()
- .logout()
- .logoutUrl("/api/logout")
- .logoutSuccessHandler(ajaxLogoutSuccessHandler())
- .permitAll()
- .and()
- .headers()
- .frameOptions()
- .disable()
- .and()
- .authorizeRequests()
- .antMatchers("/api/register").permitAll()
- .antMatchers("/api/activate").permitAll()
- .antMatchers("/api/authenticate").permitAll()
- .antMatchers("/api/account/reset-password/init").permitAll()
- .antMatchers("/api/account/reset-password/finish").permitAll()
- .antMatchers("/api/profile-info").permitAll()
- .antMatchers(org.springframework.http.HttpMethod.OPTIONS, "/api/**").permitAll()
- .antMatchers("/api/**").authenticated()
- .antMatchers("/api/**").fullyAuthenticated()
- .antMatchers("/management/health").permitAll()
- .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
- .antMatchers("/v2/api-docs/**").permitAll()
- .antMatchers("/swagger-resources/configuration/ui").permitAll()
- .antMatchers("/swagger-ui/index.html").hasAuthority(AuthoritiesConstants.ADMIN);
- }
- login(credentials): Observable<any> {
- const data = 'j_username=' + encodeURIComponent(credentials.username) +
- '&j_password=' + encodeURIComponent(credentials.password) +
- '&remember-me=' + credentials.rememberMe + '&submit=Login';
- const headers = new Headers ({
- 'Content-Type': 'application/x-www-form-urlencoded'
- });
- return this.http.post(SERVER_API_URL + 'api/authentication', data, { headers });
- }
- cors:
- allowed-origins: "*"
- allowed-methods: "*"
- allowed-headers: "*"
- exposed-headers: "Link,X-Total-Count"
- allow-credentials: true
- max-age: 1800
Add Comment
Please, Sign In to add comment