sd

package com.movie.database.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import javax.sql.DataSource;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@Import({WebDatasourceConfig.class})
@PropertySource("classpath:security.properties")
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${pattern}") String pattern;

    // Form Login
    @Value("${login.page}") String loginPage;
    @Value("${default.success.url}") String defaultSuccessUrl;
    @Value("${failure.url}") String failureUrl;
    @Value("${username.parameter}") String usernameParameter;
    @Value("${password.parameter}") String passwordParameter;

    // Logout
    @Value("${delete.cookies}") String deleteCookies;
    @Value("${invalidate.http.session}") boolean invalidateHttpSession;
    @Value("${clear.authentication}") boolean clearAuthentication;
    @Value("${logout.request.matcher}") String logoutRequestMatcher;
    @Value("${logout.success.url}") String logoutSuccessUrl;

    // Authentication Manager
    @Value("${users.by.username.query}") String usersByUsernameQuery;
    @Value("${authorities.by.username.query}") String authoritiesByUsernameQuery;

    // Password Encoder
    @Value("${strength.password.encoder}") int strengthPasswordEncoder;

    @Autowired
    private DataSource dataSource;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers(pattern).permitAll()
                .and()
                    .formLogin()
                        .loginPage(loginPage)
                        .defaultSuccessUrl(defaultSuccessUrl)
                        .failureUrl(failureUrl)
                        .usernameParameter(usernameParameter)
                        .passwordParameter(passwordParameter)
                .and()
                    .logout()
                        .deleteCookies(deleteCookies)
                        .invalidateHttpSession(invalidateHttpSession)
                        .clearAuthentication(clearAuthentication)
                        .logoutRequestMatcher(new AntPathRequestMatcher(logoutRequestMatcher))
                        .logoutSuccessUrl(logoutSuccessUrl)
                .and()
                    .csrf().disable();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
                .passwordEncoder(passwordEncoder())
                .dataSource(dataSource)
                .usersByUsernameQuery(usersByUsernameQuery)
                .authoritiesByUsernameQuery(authoritiesByUsernameQuery);
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(strengthPasswordEncoder);
    }
}