@Configuration@EnableWebSecuritypublic class SecurityConfig extends WebSecurit

1. @Configuration
2. @EnableWebSecurity
3. public class SecurityConfig extends WebSecurityConfigurerAdapter{
4.  
5. @Override
6. protected void configure(HttpSecurity http)throws Exception{
7. http
8. .authorizeRequests()
9. .antMatchers("/").permitAll()
10. .antMatchers("/admin/**").hasRole("USER")
11. .and()
12. .formLogin()
13. .loginPage("/login")
14. .and()
15. .logout()
16. .deleteCookies("JSESSIONID")
17. .and()
18. .rememberMe();
19. }
20.  
21. @Autowired
22. private AuthenticationProvider authenticationProvider;
23.  
24. @Autowired
25. private UserDetailsService userDetailsService;
26.  
27. @Autowired
28. public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
29. auth.authenticationProvider(authenticationProvider);
30. auth.userDetailsService(userDetailsService);
31. }
32.  
33. public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer{}
34. }
35.  
36. @Service
37. public class UserServiceImpl implements UserDetailsService {
38.  
39. @Autowired
40. UserRepository userRepository;
41.  
42. @Autowired
43. RoleRepository roleRepository;
44.  
45. public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
46.  
47. RentalWebsUser userInfo = userRepository.getUserByUsername(username);
48. List<GrantedAuthority> authorities = roleRepository.getRolesByUsername(username);
49.  
50. if(userInfo != null && !authorities.isEmpty()){
51. User user = new User(userInfo.getUsername(), userInfo.getPassword(), true, true, true, true, authorities);
52.  
53. RentalWebsUser userDetails = new RentalWebsUser(user, userInfo.getIdweb(), userInfo.getName(), userInfo.getSurname());
54.  
55. return userDetails;
56.  
57. } else throw new UsernameNotFoundException("Wrong user/password");
58. }
59.  
60. }
61.  
62. @Component
63. public class RwAuthenticationProvider implements AuthenticationProvider {
64.  
65. RentalWebsUser userDetails;
66.  
67. @Autowired
68. UserDetailsService userService;
69.  
70. public Authentication authenticate(Authentication authentication) throws AuthenticationException {
71.  
72. User user = null;
73. Authentication auth = null;
74. String username = authentication.getName();
75. String password = authentication.getCredentials().toString();
76.  
77. userDetails = (RentalWebsUser) userService.loadUserByUsername(username);
78.  
79. if(userDetails != null){
80. user = userDetails.getUser();
81. } else throw new UsernameNotFoundException("Wrong user/password");
82.  
83. if(password == null || !password.equals(user.getPassword())) throw new UsernameNotFoundException("Wrong user/password");
84.  
85. if(user != null){
86. auth = new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), user.getAuthorities());
87. } else throw new UsernameNotFoundException("Wrong user/password");
88.  
89. return auth;
90. }
91.  
92. public RentalWebsUser getUserDetails(){
93. return userDetails;
94. }
95.  
96. @Override
97. public boolean supports(Class<?> type) {
98. return true;
99. }
100.  
101. }
102.  
103. public class MvcWebApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
104.  
105. @Override
106. protected Class<?>[] getRootConfigClasses() {
107. return new Class[]{SecurityConfig.class};
108. }