@Configuration@EnableWebSecuritypublic class WebSecurityConfig extends WebSecu

1. @Configuration
2. @EnableWebSecurity
3. public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
4.  
5. @Autowired
6. private UserDetailsService userDetailsService;
7.  
8. @Override
9. protected void configure(HttpSecurity http) throws Exception {
10. http.authorizeRequests()
11. .antMatchers("/","/about","/contact","/v1/**").permitAll()
12. .antMatchers("/admin/otp").hasRole("PRE_AUTH_USER")
13. .antMatchers("/admin/**").hasAnyRole("SuperAdmin","BackOffice")
14. .antMatchers("/admin/dashboard/**").hasAnyRole("BankAdmin","CallAdmin")
15. //.antMatchers("/api/**").hasRole("FieldPerson")
16. .anyRequest().authenticated();
17.  
18. http.formLogin()
19. .loginPage("/admin/login")
20. .permitAll()
21. .defaultSuccessUrl("/admin/otp", true)
22. .and()
23. .logout()
24. .logoutSuccessUrl("/admin/login")
25. .permitAll();
26.  
27. http.exceptionHandling().accessDeniedPage("/error/403");
28. }
29.  
30. @Bean
31. public DaoAuthenticationProvider authProvider(){
32. DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
33. authProvider.setUserDetailsService(userDetailsService);
34. authProvider.setPasswordEncoder(new BCryptPasswordEncoder(12));
35. return authProvider;
36. }
37.  
38. @Autowired
39. public void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
40. auth.userDetailsService(userDetailsService);
41. }
42.  
43. @Override
44. protected void configure(AuthenticationManagerBuilder auth) throws Exception{
45. auth.userDetailsService(userDetailsService).and().authenticationProvider(authProvider());
46. }
47. }