- package com.training.spring.configuration;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.beans.factory.annotation.Qualifier;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.core.userdetails.UserDetailsService;
- import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
- import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Spring Security configuration for the web application.
 *
 * <p>Credentials are checked against the {@code userService} bean, with stored
 * passwords compared through BCrypt. Every URL requires a signed-in user
 * unless one of the rules in {@link #configure(HttpSecurity)} says otherwise.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated as of
 * Spring Security 5.7 and is gone in 6.x; this class only compiles against
 * the older line.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Account lookup used during authentication; resolved by bean name. */
    @Autowired
    @Qualifier("userService")
    UserDetailsService userDetailsService;

    /**
     * Registers the account source and the password hasher with the
     * authentication manager.
     *
     * <p>An earlier in-memory variant with fixed users and literal passwords
     * was left commented out in this method. It is not carried over:
     * accounts come from {@link #userDetailsService} only.
     *
     * @param auth builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // The encoder set here must match the one used when passwords were stored.
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Declares the URL access rules, the form login, logout, CSRF and the
     * access-denied handling.
     *
     * @param http the HTTP security builder for this application
     * @throws Exception if any configurer fails to apply
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Rules are evaluated in declaration order and the first match wins,
        // so the specific patterns have to stay above anyRequest().
        http.authorizeRequests()
                .antMatchers("/add").hasRole("ADMIN") // i.e. authority ROLE_ADMIN
                .antMatchers("/resources/**").permitAll() // static assets, no login needed
                .anyRequest().authenticated();

        // Custom login page; the parameter names must match the form fields.
        http.formLogin()
                .loginPage("/login").permitAll()
                .usernameParameter("username")
                .passwordParameter("password");

        http.logout().permitAll();

        // No further calls: CSRF protection stays in its default, enabled state,
        // so every state-changing request must carry the token.
        http.csrf();

        // NOTE(review): a signed-in user without ADMIN who requests /add is sent
        // to the login page instead of a dedicated 403 page. Confirm this is
        // intended, because it hides the difference between "not logged in"
        // and "not allowed".
        http.exceptionHandling().accessDeniedPage("/login");
    }

    /**
     * Provides the password hasher shared by authentication and by any code
     * that stores new passwords.
     *
     * @return a BCrypt encoder with the library's default work factor
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
- login.jsp
- <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
- <%-- Custom login page served at /login (see loginPage("/login") in SecurityConfig). --%>
- <html>
- <head>
- <title>Login Page</title>
- <link rel="stylesheet" type="text/css" href="<c:url value="/resources/css/grid.css"/>">
- </head>
- <body style="padding:2% 10% 10% 10%" onload='document.loginForm.username.focus();'>
- <div>
- <%-- Failure banner. The test is true only when the request has an "error"
-      parameter with an empty value. SecurityConfig sets no failureUrl, so this
-      presumably relies on Spring Security's default redirect to /login?error;
-      confirm. The fixed text "Invalid" does not say whether the user name or
-      the password was wrong. --%>
- <c:if test="${param.error.isEmpty()}">
- <div class="row">
- <div class="column column-6"><span style="color:red">Invalid</span></div>
- </div>
- </c:if>
- <%-- Credentials are sent by POST to the relative URL "login", which resolves
-      against the URL this page was served from. --%>
- <form name='loginForm'
- action="login" method='POST'>
- <table>
- <tr>
- <td>User:</td>
- <%-- Field name must match usernameParameter("username") in SecurityConfig.
-      The value is always blank, so a submitted user name is never echoed back. --%>
- <td><input type='text' name='username' value=''></td>
- </tr>
- <tr>
- <td>Password:</td>
- <%-- Field name must match passwordParameter("password") in SecurityConfig. --%>
- <td><input type='password' name='password' /></td>
- </tr>
- <tr>
- <td colspan='2'>
- <input name="submit" type="submit" value="submit" />
- </td>
- </tr>
- </table>
- <%-- CSRF token from the _csrf request attribute. CSRF protection is enabled
-      in SecurityConfig, so the login POST is rejected if this field is
-      missing or stale. --%>
- <input type="hidden"
- name="${_csrf.parameterName}" value="${_csrf.token}" />
- </form>
- </div>
- </body>
- </html>