Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @Configuration
- @EnableWebSecurity
- @Profile("container")
- public class XSecurityConfig extends WebSecurityConfigurerAdapter {
- @Autowired
- private AuthenticationProvider authenticationProvider;
- @Autowired
- private AuthenticationProvider authenticationProviderDB;
- @Override
- @Order(1)
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.authenticationProvider(authenticationProvider);
- }
- @Order(2)
- protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
- auth.authenticationProvider(authenticationProviderDB);
- }
- @Override
- public void configure(WebSecurity web) throws Exception {
- web
- .ignoring()
- .antMatchers("/scripts/**","/styles/**","/images/**","/error/**");
- }
- @Override
- public void configure(HttpSecurity http) throws Exception {
- http
- .authorizeRequests()
- .antMatchers("/rest/**").authenticated()
- .antMatchers("/**").permitAll()
- .anyRequest().authenticated()
- .and()
- .formLogin()
- .successHandler(new AuthenticationSuccessHandler() {
- @Override
- public void onAuthenticationSuccess(
- HttpServletRequest request,
- HttpServletResponse response,
- Authentication a) throws IOException, ServletException {
- //To change body of generated methods,
- response.setStatus(HttpServletResponse.SC_OK);
- }
- })
- .failureHandler(new AuthenticationFailureHandler() {
- @Override
- public void onAuthenticationFailure(
- HttpServletRequest request,
- HttpServletResponse response,
- AuthenticationException ae) throws IOException, ServletException {
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- }
- })
- .loginProcessingUrl("/access/login")
- .and()
- .logout()
- .logoutUrl("/access/logout")
- .logoutSuccessHandler(new LogoutSuccessHandler() {
- @Override
- public void onLogoutSuccess(
- HttpServletRequest request,
- HttpServletResponse response,
- Authentication a) throws IOException, ServletException {
- response.setStatus(HttpServletResponse.SC_NO_CONTENT);
- }
- })
- .invalidateHttpSession(true)
- .and()
- .exceptionHandling()
- .authenticationEntryPoint(new Http403ForbiddenEntryPoint())
- .and()
- .csrf()//Disabled CSRF protection
- .disable();
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement