add java configuration

2016-04-03 19:13:25 +02:00
parent 2f9524ae8e
commit 9b262c9381
6 changed files with 142 additions and 22 deletions
--- a/spring-security-mvc-session/src/main/java/org/baeldung/spring/SecSecurityConfig.java
+++ b/spring-security-mvc-session/src/main/java/org/baeldung/spring/SecSecurityConfig.java
@@ -1,14 +1,66 @@
 package org.baeldung.spring;

+import org.baeldung.security.MySimpleUrlAuthenticationSuccessHandler;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.ImportResource;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.session.HttpSessionEventPublisher;

@Configuration
-@ImportResource({ "classpath:webSecurityConfig.xml" })
-public class SecSecurityConfig {
+// @ImportResource({ "classpath:webSecurityConfig.xml" })
+@EnableWebSecurity
+public class SecSecurityConfig extends WebSecurityConfigurerAdapter {

    public SecSecurityConfig() {
        super();
    }

+    @Override
+    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+        // @formatter:off
+        auth.inMemoryAuthentication()
+        .withUser("user1").password("user1Pass").roles("USER")
+        .and()
+        .withUser("admin1").password("admin1Pass").roles("ADMIN");
+        // @formatter:on
+    }
+
+    @Override
+    protected void configure(final HttpSecurity http) throws Exception {
+        // @formatter:off
+        http
+        .csrf().disable()
+        .authorizeRequests()
+        .antMatchers("/anonymous*").anonymous()
+        .antMatchers("/login*").permitAll()
+        .anyRequest().authenticated()
+        .and()
+        .formLogin()
+        .loginPage("/login.html")
+        .loginProcessingUrl("/login")
+        .successHandler(successHandler())
+        .failureUrl("/login.html?error=true")
+        .and()
+        .logout().deleteCookies("JSESSIONID")
+        .and()
+        .rememberMe().key("uniqueAndSecret").tokenValiditySeconds(86400)
+        .and()
+        .sessionManagement().invalidSessionUrl("/invalidSession.html").maximumSessions(2).expiredUrl("/sessionExpired.html");
+
+        // @formatter:on
+    }
+
+    private AuthenticationSuccessHandler successHandler() {
+        return new MySimpleUrlAuthenticationSuccessHandler();
+    }
+
+    @Bean
+    public HttpSessionEventPublisher httpSessionEventPublisher() {
+        return new HttpSessionEventPublisher();
+    }
+
 }