Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @Configuration
- @EnableWebSecurity
- public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
- @Autowired
- private CustomAuthenticationProvider authProvider;
- @Autowired
- private AuthSuccessHandler authHandler;
- @Autowired
- private AuthFailureHandler authFailureHandler;
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests()
- .antMatchers("/resources/**","/rest/**")
- .permitAll().anyRequest().authenticated()
- .and()
- .formLogin()
- .loginPage("/login")
- .successHandler(authHandler)
- .failureHandler(authFailureHandler)
- .usernameParameter("username").passwordParameter("password")
- .permitAll()
- .and().csrf().disable();
- }
- @Autowired
- protected void configureGlobal(AuthenticationManagerBuilder auth) {
- auth.authenticationProvider(authProvider);
- }
- }
- Success Handler
- @Component
- public class AuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
- private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
- @Override
- protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
- redirectStrategy.sendRedirect(request, response, "/home");
- }
- }
- Failure Handler
- @Component
- public class AuthFailureHandler extends SimpleUrlAuthenticationFailureHandler{
- private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
- @Override
- public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
- throws IOException, ServletException {
- System.out.println("AuthFailureHandler.onAuthenticationFailure()");
- redirectStrategy.sendRedirect(request, response, "/login?msg=Bad Credentials");
- }
- }
- Custom Authentication Provider
- @Component
- public class CustomAuthenticationProvider implements AuthenticationProvider
- {
- public Authentication authenticate(Authentication authentication) throws AuthenticationException {
- UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
- String username = (String)token.getPrincipal();
- String password = (String) token.getCredentials(); // retrieve the password
- System.out.println("username="+username+" password="+password);
- flag = //autheticate logic
- if(flag) {
- List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
- authorities.add(new SimpleGrantedAuthority("ROLE_ONE"));
- authorities.add(new SimpleGrantedAuthority("ROLE_TWO"));
- return new UsernamePasswordAuthenticationToken(username, password, authorities);
- }
- else
- throw new BadCredentialsException("401");
- }
- public boolean supports(Class<?> object) {
- return object.equals(UsernamePasswordAuthenticationToken.class);
- }
- }
- Controller :
- Below is the controller configuration
- @RequestMapping(value = "/login", method = RequestMethod.GET)
- public ModelAndView login(@RequestParam(name="msg",required=false) String message)
- {
- System.out.println("HomeController.login()"+message);
- return new ModelAndView("login","message",message);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement