| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 |
- package pl.sudra.configuration;
- import jakarta.annotation.Resource;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
- import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.core.userdetails.User;
- import org.springframework.security.core.userdetails.UserDetails;
- import org.springframework.security.core.userdetails.UserDetailsService;
- import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
- import org.springframework.security.crypto.password.PasswordEncoder;
- import org.springframework.security.provisioning.InMemoryUserDetailsManager;
- import org.springframework.security.web.SecurityFilterChain;
- import org.springframework.security.web.csrf.CsrfFilter;
- import org.springframework.web.filter.CharacterEncodingFilter;
- @Configuration
- @EnableWebSecurity
- //@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
- @EnableMethodSecurity
- public class SecurityConfiguration {
- @Resource(name = "myAppUserDetailsService")
- private UserDetailsService userDetailsService;
- @Bean
- public PasswordEncoder passwordEncoder() {
- return new BCryptPasswordEncoder();
- }
- @Bean
- DaoAuthenticationProvider authProvider() {
- DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
- // for database users
- authProvider.setUserDetailsService(userDetailsService);
- authProvider.setPasswordEncoder(passwordEncoder());
- // for in-memory users
- // authProvider.setUserDetailsService(userDetailsService());
- return authProvider;
- }
- @Bean
- public InMemoryUserDetailsManager userDetailsService() {
- UserDetails user = User.withDefaultPasswordEncoder()
- .username("user")
- .password("user")
- .roles("USER")
- .build();
- UserDetails admin = User.withDefaultPasswordEncoder()
- .username("admin")
- .password("admin")
- .roles("ADMIN", "USER")
- .build();
- UserDetails student = User.withDefaultPasswordEncoder()
- .username("student")
- .password("student")
- .roles("STUDENT")
- .build();
- return new InMemoryUserDetailsManager(user, admin, student);
- }
- @Bean
- public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
- CharacterEncodingFilter filter = new CharacterEncodingFilter();
- filter.setEncoding("UTF-8");
- filter.setForceEncoding(true);
- http.addFilterBefore(filter, CsrfFilter.class);
- http
- .authorizeHttpRequests((authz) -> authz
- .requestMatchers("/appUsers*").hasRole("ADMIN")
- .requestMatchers("/appUserRole*").hasRole("ADMIN")
- .requestMatchers("/exampleOne").hasAuthority("ROLE_USER")
- .requestMatchers("/exampleTwo").hasAnyAuthority("ROLE_STUDENT", "ROLE_ADMIN")
- .requestMatchers("/exampleThree").hasRole("STUDENT")
- .requestMatchers("/login*").anonymous()
- .requestMatchers("/appUserRest/*").anonymous()
- .anyRequest().authenticated()
- )
- // .formLogin(form -> form
- // .permitAll()
- // )
- .formLogin(form -> form
- .loginPage("/login")
- .usernameParameter("login")
- .passwordParameter("password")
- .failureUrl("/login?error")
- .defaultSuccessUrl("/", true)
- .permitAll()
- )
- .exceptionHandling(logout -> logout
- .accessDeniedPage("/accessDenied")
- )
- .httpBasic();
- return http.build();
- }
- }
|
