@Configuration@EnableWebSecuritypublic class WebSecurityConfiguration extends

1. @Configuration
2. @EnableWebSecurity
3. public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
4.  
5. @Autowired
6. private CustomAuthenticationProvider authProvider;
7.  
8. @Autowired
9. private AuthSuccessHandler authHandler;
10. @Autowired
11. private AuthFailureHandler authFailureHandler;
12.  
13.  
14. @Override
15. protected void configure(HttpSecurity http) throws Exception {
16. http.authorizeRequests()
17. .antMatchers("/resources/**","/rest/**")
18. .permitAll().anyRequest().authenticated()
19. .and()
20. .formLogin()
21. .loginPage("/login")
22. .successHandler(authHandler)
23. .failureHandler(authFailureHandler)
24. .usernameParameter("username").passwordParameter("password")
25. .permitAll()
26. .and().csrf().disable();
27. }
28.  
29. @Autowired
30. protected void configureGlobal(AuthenticationManagerBuilder auth) {
31.  
32. auth.authenticationProvider(authProvider);
33. }
34. }
35.  
36. Success Handler
37.  
38. @Component
39. public class AuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
40.  
41. private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
42. @Override
43. protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
44. redirectStrategy.sendRedirect(request, response, "/home");
45. }
46. }
47.  
48.  
49. Failure Handler
50.  
51. @Component
52. public class AuthFailureHandler extends SimpleUrlAuthenticationFailureHandler{
53.  
54. private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
55. @Override
56. public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
57. throws IOException, ServletException {
58. System.out.println("AuthFailureHandler.onAuthenticationFailure()");
59. redirectStrategy.sendRedirect(request, response, "/login?msg=Bad Credentials");
60. }
61. }
62.  
63.  
64. Custom Authentication Provider
65.  
66. @Component
67. public class CustomAuthenticationProvider implements AuthenticationProvider
68. {
69. public Authentication authenticate(Authentication authentication) throws AuthenticationException {
70.  
71. UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
72. String username = (String)token.getPrincipal();
73. String password = (String) token.getCredentials(); // retrieve the password
74. System.out.println("username="+username+" password="+password);
75. flag = //autheticate logic
76. if(flag) {
77. List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
78. authorities.add(new SimpleGrantedAuthority("ROLE_ONE"));
79. authorities.add(new SimpleGrantedAuthority("ROLE_TWO"));
80. return new UsernamePasswordAuthenticationToken(username, password, authorities);
81. }
82. else
83. throw new BadCredentialsException("401");
84. }
85.  
86. public boolean supports(Class<?> object) {
87. return object.equals(UsernamePasswordAuthenticationToken.class);
88. }
89. }
90.  
91. Controller :
92. Below is the controller configuration
93.  
94. @RequestMapping(value = "/login", method = RequestMethod.GET)
95. public ModelAndView login(@RequestParam(name="msg",required=false) String message)
96. {
97. System.out.println("HomeController.login()"+message);
98. return new ModelAndView("login","message",message);
99. }