API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 28th, 2017
47
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Java 2.88 KB | None | 0 0
raw download clone embed print report
  1. @Configuration
  2. @EnableWebSecurity
  3. @Profile("container")
  4. public class XSecurityConfig extends WebSecurityConfigurerAdapter {
  5.  
  6. @Autowired
  7. private AuthenticationProvider authenticationProvider;
  8.  
  9. @Autowired
  10. private AuthenticationProvider authenticationProviderDB;
  11.  
  12. @Override
  13. @Order(1)
  14.  
  15. protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  16.     auth.authenticationProvider(authenticationProvider);
  17. }
  18.  
  19. @Order(2)
  20. protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
  21.     auth.authenticationProvider(authenticationProviderDB);
  22. }
  23.  
  24. @Override
  25.   public void configure(WebSecurity web) throws Exception {
  26.     web
  27.       .ignoring()
  28.          .antMatchers("/scripts/**","/styles/**","/images/**","/error/**");
  29.   }
  30.  
  31. @Override
  32. public void configure(HttpSecurity http) throws Exception {
  33.     http
  34.             .authorizeRequests()
  35.             .antMatchers("/rest/**").authenticated()
  36.             .antMatchers("/**").permitAll()
  37.             .anyRequest().authenticated()
  38.             .and()
  39.             .formLogin()
  40.             .successHandler(new AuthenticationSuccessHandler() {
  41.                 @Override
  42.                 public void onAuthenticationSuccess(
  43.                         HttpServletRequest request,
  44.                         HttpServletResponse response,
  45.                         Authentication a) throws IOException, ServletException {
  46.                             //To change body of generated methods,
  47.                             response.setStatus(HttpServletResponse.SC_OK);
  48.                         }
  49.             })
  50.             .failureHandler(new AuthenticationFailureHandler() {
  51.  
  52.                 @Override
  53.                 public void onAuthenticationFailure(
  54.                         HttpServletRequest request,
  55.                         HttpServletResponse response,
  56.                         AuthenticationException ae) throws IOException, ServletException {
  57.                             response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
  58.                         }
  59.             })
  60.             .loginProcessingUrl("/access/login")
  61.             .and()
  62.             .logout()
  63.             .logoutUrl("/access/logout")                
  64.             .logoutSuccessHandler(new LogoutSuccessHandler() {
  65.                 @Override
  66.                 public void onLogoutSuccess(
  67.                         HttpServletRequest request,
  68.                         HttpServletResponse response,
  69.                         Authentication a) throws IOException, ServletException {
  70.                     response.setStatus(HttpServletResponse.SC_NO_CONTENT);
  71.                 }
  72.             })
  73.             .invalidateHttpSession(true)
  74.             .and()
  75.             .exceptionHandling()
  76.             .authenticationEntryPoint(new Http403ForbiddenEntryPoint())
  77.             .and()
  78.             .csrf()//Disabled CSRF protection
  79.             .disable();
  80.     }
  81. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!