mindol1004/spring-soap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
3ed7609758e495d1786da228bb7eedac193854b9
spring-soap/spring-security-rest/src/main/java/org/baeldung/spring/SecurityJavaConfig.java
Doha2012 3ed7609758 move security content from spring-security-rest-full (#2731) 
* move security content from spring-security-rest-full

* swagger update
2017-10-22 18:35:08 +02:00

78 lines
3.1 KiB
Java
Raw Blame History

package org.baeldung.spring;
import org.baeldung.security.MySavedRequestAwareAuthenticationSuccessHandler;
import org.baeldung.web.error.CustomAccessDeniedHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan("org.baeldung.security")
public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomAccessDeniedHandler accessDeniedHandler;
// @Autowired
// private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
// @Autowired
// private MySavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler;
public SecurityJavaConfig() {
super();
SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
}
//
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("temporary").password("temporary").roles("ADMIN").and().withUser("user").password("userPass").roles("USER");
}
@Override
protected void configure(final HttpSecurity http) throws Exception {// @formatter:off
http
.csrf().disable()
.authorizeRequests()
.and()
.exceptionHandling().accessDeniedHandler(accessDeniedHandler)
// .authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers("/api/csrfAttacker*").permitAll()
.antMatchers("/api/customer/**").permitAll()
.antMatchers("/api/foos/**").authenticated()
.antMatchers("/api/async/**").permitAll()
.antMatchers("/api/admin/**").hasRole("ADMIN")
.and()
.httpBasic()
// .and()
// .successHandler(authenticationSuccessHandler)
// .failureHandler(new SimpleUrlAuthenticationFailureHandler())
.and()
.logout();
} // @formatter:on
@Bean
public MySavedRequestAwareAuthenticationSuccessHandler mySuccessHandler() {
return new MySavedRequestAwareAuthenticationSuccessHandler();
}
@Bean
public SimpleUrlAuthenticationFailureHandler myFailureHandler() {
return new SimpleUrlAuthenticationFailureHandler();
}
}
Reference in New Issue View Git Blame Copy Permalink