• Home
• com.formkiq
• formkiq-server
• 0.2
• source code
• SecurityConfig.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.formkiq.server.config.SecurityConfig Maven / Gradle / Ivy

package com.formkiq.server.config;
import static com.formkiq.server.api.SystemController.API_SYSTEM_PING;
import static com.formkiq.server.api.SystemController.API_SYSTEM_SETUP;
import static com.formkiq.server.api.UsersController.API_USER_LOST_PASSWORD;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import com.formkiq.server.service.UserDetailsAuthenticationProvider;

/**
 * Application Security Config.
 *
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** UserDetailsAuthenticationProvider. */
    @Autowired
    private UserDetailsAuthenticationProvider authenticationProvider;

    /**
     * Configure Authentication Provider.
     * @param auth AuthenticationManagerBuilder
     * @throws Exception Exception
     */
    @Autowired
    public void globalUserDetails(final AuthenticationManagerBuilder auth)
            throws Exception {
        // auth.inMemoryAuthentication().withUser("marissa")
        //.password("koala").roles("USER").and().withUser("paul")
        // .password("emu").roles("USER");
        auth.authenticationProvider(this.authenticationProvider);
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
        .csrf().disable()
        .authorizeRequests()
            .antMatchers("/", "/setup", "/home", "/js/**", "/css/**",
                    "/striped/**", API_SYSTEM_SETUP,
                    API_USER_LOST_PASSWORD, API_SYSTEM_PING)
            .permitAll()
            .antMatchers("/admin/**", "/api/**").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/admin/index")
            .permitAll()
            .and()
            .logout().clearAuthentication(true)
            .permitAll();
    }
}