Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- package com.movie.database.config;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.beans.factory.annotation.Value;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.context.annotation.Import;
- import org.springframework.context.annotation.PropertySource;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
- import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
- import javax.sql.DataSource;
- @Configuration
- @EnableWebSecurity
- @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
- @Import({WebDatasourceConfig.class})
- @PropertySource("classpath:security.properties")
- public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
- @Value("${pattern}") String pattern;
- // Form Login
- @Value("${login.page}") String loginPage;
- @Value("${default.success.url}") String defaultSuccessUrl;
- @Value("${failure.url}") String failureUrl;
- @Value("${username.parameter}") String usernameParameter;
- @Value("${password.parameter}") String passwordParameter;
- // Logout
- @Value("${delete.cookies}") String deleteCookies;
- @Value("${invalidate.http.session}") boolean invalidateHttpSession;
- @Value("${clear.authentication}") boolean clearAuthentication;
- @Value("${logout.request.matcher}") String logoutRequestMatcher;
- @Value("${logout.success.url}") String logoutSuccessUrl;
- // Authentication Manager
- @Value("${users.by.username.query}") String usersByUsernameQuery;
- @Value("${authorities.by.username.query}") String authoritiesByUsernameQuery;
- // Password Encoder
- @Value("${strength.password.encoder}") int strengthPasswordEncoder;
- @Autowired
- private DataSource dataSource;
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests()
- .antMatchers(pattern).permitAll()
- .and()
- .formLogin()
- .loginPage(loginPage)
- .defaultSuccessUrl(defaultSuccessUrl)
- .failureUrl(failureUrl)
- .usernameParameter(usernameParameter)
- .passwordParameter(passwordParameter)
- .and()
- .logout()
- .deleteCookies(deleteCookies)
- .invalidateHttpSession(invalidateHttpSession)
- .clearAuthentication(clearAuthentication)
- .logoutRequestMatcher(new AntPathRequestMatcher(logoutRequestMatcher))
- .logoutSuccessUrl(logoutSuccessUrl)
- .and()
- .csrf().disable();
- }
- @Autowired
- public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
- auth.jdbcAuthentication()
- .passwordEncoder(passwordEncoder())
- .dataSource(dataSource)
- .usersByUsernameQuery(usersByUsernameQuery)
- .authoritiesByUsernameQuery(authoritiesByUsernameQuery);
- }
- @Bean
- public BCryptPasswordEncoder passwordEncoder() {
- return new BCryptPasswordEncoder(strengthPasswordEncoder);
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement