Created February 16, 2018 00:44
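/**
 * Spring Security configuration that declares two filter chains: one for the REST API under
 * {@code /rest/**} and one, with form login, for every other request.
 */
@EnableWebSecurity
public class WebSecurityConfig {

    /**
     * Filter chain for {@code /rest/**}. {@code @Order(1)} places it ahead of the form-login chain,
     * which declares no explicit order.
     */
    @Configuration
    @Order(1)
    public static class RestWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private UsuarioDAO dao;

        /**
         * Configures authorization rules and the JWT filters for the REST API.
         *
         * @param httpSecurity the builder for this chain
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // NOTE(review): CSRF protection is off for this chain. That is only safe if every
            // REST request is authenticated by a token sent in a header; this chain also enables
            // formLogin(), so confirm that no session cookie is accepted as a credential here.
            httpSecurity.csrf().disable()
                .antMatcher("/rest/**")
                .authorizeRequests()
                // Ant patterns are compared with the request path, which begins with '/'.
                // Written without the leading slash these rules matched nothing, so every
                // /rest/** request fell through to anyRequest().authenticated() and the role
                // checks below were never applied.
                .antMatchers("/rest/login").permitAll()
                .antMatchers("/rest/arvore/**").hasRole("MASTER")
                // Tree ("arvore") endpoints.
                // NOTE(review): rules are evaluated in declaration order and the first match
                // decides. The MASTER wildcard above already matches everything under
                // /rest/arvore/, so the USUARIO rules below are never consulted. If USUARIO is
                // meant to reach these paths, declare them before the wildcard; confirm the
                // intended policy before reordering.
                .antMatchers(HttpMethod.POST, "/rest/arvore/").hasRole("USUARIO")
                .antMatchers(HttpMethod.GET, "/rest/arvore/").hasRole("USUARIO")
                .antMatchers(HttpMethod.PUT, "/rest/arvore/").hasRole("USUARIO")
                .antMatchers(HttpMethod.DELETE, "/rest/arvore/").hasRole("USUARIO")
                .antMatchers("/rest/arvore/{username}").hasRole("USUARIO")
                // User ("usuario") endpoints: no specific rule, authentication is enough.
                .anyRequest().authenticated()
                .and().cors().and().formLogin().loginPage("/rest/login").permitAll()
                .and()
                // Both custom filters run before UsernamePasswordAuthenticationFilter.
                .addFilterBefore(new JWTLoginFilter("/rest/login", authenticationManager()),
                    UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(new JWTAuthenticationFilter(),
                    UsernamePasswordAuthenticationFilter.class);
        }

        /**
         * Uses the injected {@code UsuarioDAO} as the user-details source.
         *
         * @param auth the authentication manager builder
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // NOTE(review): no password encoder is set here; confirm that one is configured
            // elsewhere and that stored passwords are hashed.
            auth.userDetailsService(dao);
        }

        /**
         * Registers one CORS policy for every path.
         *
         * @return the CORS configuration source looked up by {@code cors()}
         */
        @Bean
        CorsConfigurationSource corsConfigurationSource() {
            // applyPermitDefaultValues() allows every origin for GET, HEAD and POST with any
            // request header. NOTE(review): prefer an explicit list of trusted origins. A bean
            // with this same name is also declared in FormLoginWebSecurityConfigurerAdapter;
            // one shared definition would avoid a bean-name clash.
            UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
            source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
            return source;
        }
    }

    /**
     * Filter chain with form login for requests not handled by the REST chain. It has no
     * {@code antMatcher} restriction of its own.
     */
    @Configuration
    @EnableAspectJAutoProxy(proxyTargetClass = true)
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private UsuarioDAO dao;

        /**
         * Configures authorization rules and form login for the web pages.
         *
         * @param http the builder for this chain
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                // Static resources.
                // NOTE(review): /rest/** is permitted to everyone in this chain. It is only
                // harmless while the @Order(1) REST chain claims those requests first; if that
                // chain is removed or its matcher changes, this rule would expose the REST API
                // without authentication. Consider dropping it.
                .antMatchers("/rest/**").permitAll()
                .antMatchers("/css/**").permitAll()
                .antMatchers("/js/**").permitAll()
                .antMatchers("/images/**").permitAll()
                // Pages.
                .antMatchers("/authenticate").permitAll()
                // Tree ("arvore") pages.
                .antMatchers("/arvore/**").hasRole("MASTER")
                .anyRequest().authenticated()
                .and().cors().and().formLogin().loginPage("/login").permitAll()
                // NOTE(review): CSRF protection is disabled on a chain that uses form login.
                // With cookie-based sessions, state-changing requests submitted from another
                // site are then not rejected. Re-enable it and add the token to the forms
                // unless another control covers this.
                .and().csrf().disable();
        }

        /**
         * Uses the injected {@code UsuarioDAO} as the user-details source.
         *
         * @param auth the authentication manager builder
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // NOTE(review): no password encoder is set here; confirm that one is configured
            // elsewhere and that stored passwords are hashed.
            auth.userDetailsService(dao);
        }

        /**
         * Registers one CORS policy for every path.
         *
         * @return the CORS configuration source looked up by {@code cors()}
         */
        @Bean
        CorsConfigurationSource corsConfigurationSource() {
            // applyPermitDefaultValues() allows every origin for GET, HEAD and POST with any
            // request header. NOTE(review): prefer an explicit list of trusted origins. A bean
            // with this same name is also declared in RestWebSecurityConfigurationAdapter;
            // one shared definition would avoid a bean-name clash.
            UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
            source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
            return source;
        }
    }
}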