package com.training.spring.configuration;import org.springframework.beans.f

1. package com.training.spring.configuration;
2.  
3. import org.springframework.beans.factory.annotation.Autowired;
4. import org.springframework.beans.factory.annotation.Qualifier;
5. import org.springframework.context.annotation.Bean;
6. import org.springframework.context.annotation.Configuration;
7. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
8. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
9. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
10. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
11. import org.springframework.security.core.userdetails.UserDetailsService;
12. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
13. import org.springframework.security.crypto.password.PasswordEncoder;
14.  
15. @Configuration
16. @EnableWebSecurity
17. public class SecurityConfig extends WebSecurityConfigurerAdapter {
18.  
19. @Autowired
20. @Qualifier("userService")
21. UserDetailsService userDetailsService;
22.  
23. @Autowired
24. public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
25. auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
26. // auth.inMemoryAuthentication().withUser("user").password("123").roles("ADMIN");
27. // auth.inMemoryAuthentication().withUser("admin").password("123").roles("ADMIN");
28. }
29.  
30. @Override
31. protected void configure(HttpSecurity http) throws Exception {
32.  
33. http.authorizeRequests()
34. .antMatchers("/add").hasRole("ADMIN")
35. .antMatchers("/resources/**").permitAll()
36. .anyRequest().authenticated()
37. .and().formLogin().loginPage("/login").permitAll()
38. .usernameParameter("username").passwordParameter("password")
39. .and().logout().permitAll()
40. .and().csrf()
41. .and().exceptionHandling().accessDeniedPage("/login");
42. /*.antMatchers("/add").hasRole("ADMIN")
43. .antMatchers("/resources/**").permitAll()
44. .anyRequest().authenticated()
45. .and().formLogin().loginPage("/login").permitAll()
46. .and().logout().permitAll()
47. .and().exceptionHandling().accessDeniedPage("/login");*/
48. }
49.  
50. @Bean
51. public PasswordEncoder passwordEncoder(){
52. PasswordEncoder encoder = new BCryptPasswordEncoder();
53. return encoder;
54. }
55.  
56. }
57.  
58.  
59. login.jsp
60. <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
61. <html>
62. <head>
63. <title>Login Page</title>
64. <link rel="stylesheet" type="text/css" href="<c:url value="/resources/css/grid.css"/>">
65. </head>
66. <body style="padding:2% 10% 10% 10%" onload='document.loginForm.username.focus();'>
67.  
68. <div>
69. <c:if test="${param.error.isEmpty()}">
70. <div class="row">
71. <div class="column column-6"><span style="color:red">Invalid</span></div>
72. </div>
73. </c:if>
74. <form name='loginForm'
75. action="login" method='POST'>
76.  
77. <table>
78. <tr>
79. <td>User:</td>
80. <td><input type='text' name='username' value=''></td>
81. </tr>
82. <tr>
83. <td>Password:</td>
84. <td><input type='password' name='password' /></td>
85. </tr>
86. <tr>
87. <td colspan='2'>
88. <input name="submit" type="submit" value="submit" />
89. </td>
90. </tr>
91. </table>
92.  
93. <input type="hidden"
94. name="${_csrf.parameterName}" value="${_csrf.token}" />
95. </form>
96. </div>
97.  
98. </body>
99. </html>