@Componentpublic class RESTAuthenticationEntryPoint implements AuthenticationE

1. @Component
2. public class RESTAuthenticationEntryPoint implements AuthenticationEntryPoint {
3.    
4.     @Override
5.     public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e)
6.             throws IOException, ServletException {
7.         httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED,
8.                            "Unauthorized");
9.        
10.     }
11.    
12. }
13.  
14.  
15. @Component
16. public class RESTAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
17.    
18.     @Override
19.     public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
20.             throws IOException, ServletException {
21.         super.onAuthenticationFailure(request, response, exception);
22.     }
23. }
24.  
25.  
26. @Component
27. public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
28.     private RequestCache requestCache = new HttpSessionRequestCache();
29.    
30.     @Override
31.     public void onAuthenticationSuccess(
32.             HttpServletRequest request,
33.             HttpServletResponse response,
34.             Authentication authentication)
35.             throws ServletException, IOException {
36.        
37.         SavedRequest savedRequest
38.                 = requestCache.getRequest(request, response);
39.        
40.         if (savedRequest == null) {
41.             clearAuthenticationAttributes(request);
42.             return;
43.         }
44.         String targetUrlParam = getTargetUrlParameter();
45.         if (isAlwaysUseDefaultTargetUrl()
46.             || (targetUrlParam != null
47.                 && StringUtils.hasText(request.getParameter(targetUrlParam)))) {
48.             requestCache.removeRequest(request, response);
49.             clearAuthenticationAttributes(request);
50.             return;
51.         }
52.        
53.         clearAuthenticationAttributes(request);
54.     }
55.    
56.     public void setRequestCache(RequestCache requestCache) {
57.         this.requestCache = requestCache;
58.     }
59.  
60. }
61.  
62.  
63.  
64.  
65. @Configuration
66. @EnableWebSecurity
67. public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
68.    
69.     @Autowired
70.     private RESTAuthenticationEntryPoint restAuthenticationEntryPoint;
71.     @Autowired
72.     private RESTAuthenticationSuccessHandler restAuthenticationSuccessHandler;
73.     @Autowired
74.     private RESTAuthenticationFailureHandler restAuthenticationFailureHandler;
75.    
76.     @Bean
77.     public PasswordEncoder passwordEncoder() {
78.         return new BCryptPasswordEncoder();
79.     }
80.    
81.     @Override
82.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
83.         auth.inMemoryAuthentication()
84.             .withUser("john").password("pass1").roles("USER").and()
85.             .withUser("lenny").password("pass2").roles("USER");
86.     }
87.    
88.     @Override
89.     protected void configure(HttpSecurity http) throws Exception {
90.        
91.        
92.                 http
93.                 .csrf().disable()
94.                 .exceptionHandling()
95.                 .authenticationEntryPoint(restAuthenticationEntryPoint)
96.                 .and()
97.                 .authorizeRequests()
98.                 .antMatchers("/secure/**").authenticated()
99.                 .and()
100.                 .formLogin()
101.                 .successHandler(restAuthenticationSuccessHandler)
102.                 .failureHandler(restAuthenticationFailureHandler)
103.                 .and()
104.                 .logout();
105.                 http.cors();
106.     }
107.    
108. }