Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @Configuration
- @EnableWebSecurity
- @RequiredArgsConstructor
- public class SecurityConfig extends WebSecurityConfigurerAdapter {
- private final UserDetailsService userDetailsService;
- private final BCryptPasswordEncoder bCryptPasswordEncoder;
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
- }
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable();
- http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
- http.authorizeRequests().antMatchers("/login/**", "/api/token/refresh/**").permitAll();
- http.authorizeRequests().antMatchers(GET, "/api/user/**").hasAnyAuthority("ROLE_SUPERADMIN");
- http.authorizeRequests().antMatchers(POST, "/api/user/save/**").hasAnyAuthority("ROLE_ADMIN");
- http.authorizeRequests().anyRequest().authenticated();
- http.addFilter(new CustomAuthFilter(authenticationManagerBean()));
- http.addFilterBefore(new CustomAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
- }
- @Bean
- @Override
- public AuthenticationManager authenticationManagerBean() throws Exception {
- return super.authenticationManagerBean();
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
