Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- //Serwis logowania angular4
- login(f: any): Observable<any> {
- // w f przechowujemy dane z formularza - login i hasło (przy czym trzeba by je zaszyfrowac)
- let userName = f.userName;
- let password = f.password;
- let body = `username=${userName}&password=${password}`;
- let headers = new Headers({ 'Content-Type': 'application/x-www-form-urlencoded' });
- let options = new RequestOptions({ headers: headers })
- //istotny jest adres żadania j_spring_security_check
- return this.http.post('/j_spring_security_check', body, options).map(response => {
- // tu jakies bzdurki na dalsze potrzeby weryfikacji uprawnień)
- let resp = response.json()
- let user = new User()
- user.userName = resp.login
- user.roles = resp.authorities.map(role => role.authority)
- this.currentUser = user
- return user
- });
- }
- package upwm.fun.myshop.user;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- @Configuration
- @EnableWebSecurity
- public class SecurityConfig extends WebSecurityConfigurerAdapter {
- @Autowired
- MyDBAuthenticationService myDBAauthenticationService;
- @Autowired
- public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
- //userzy na mockach
- auth.inMemoryAuthentication().withUser("mkyong").password("123456").roles("USER");
- auth.inMemoryAuthentication().withUser("admin").password("123456").roles("ADMIN", "USER");
- auth.inMemoryAuthentication().withUser("dba").password("123456").roles("DBA");
- //userzy z bazy danych
- auth.userDetailsService(myDBAauthenticationService);
- }
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- // For ADMIN only.
- // http.authorizeRequests().antMatchers("/basket").access("hasRole('ROLE_ADMIN')");
- http
- .csrf().disable()
- .cors().and()
- .authorizeRequests()
- .antMatchers("/api/someEndpoint/**")
- .hasRole("ADMIN_ROLE").and().formLogin()
- .loginPage("/login").and().logout();
- http.authorizeRequests().and().formLogin()//
- // Submit URL of login page.
- .loginProcessingUrl("/j_spring_security_check") // Submit URL
- .loginPage("/login")//
- .defaultSuccessUrl("/login")//
- .failureUrl("/login")//
- .usernameParameter("username")//
- .passwordParameter("password")
- // Config for Logout Page
- .and().logout().logoutUrl("/logout").logoutSuccessUrl("/loggedOut");
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement