security-config.xml

gistfile1.xml

<?xml version="1.0" encoding="UTF-8"?>

<!-- Change the following configuration for security shortcut
	1) <beans to <beans:beans
	2) <bean xmlns to <beans:beans xmlns:beans 
	3) xmlns:security to xmlns
 -->
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:p="http://www.springframework.org/schema/p"
	xmlns="http://www.springframework.org/schema/security"
	xsi:schemaLocation="
		http://www.springframework.org/schema/beans
		http://www.springframework.org/schema/beans/spring-beans.xsd
		http://www.springframework.org/schema/context
		http://www.springframework.org/schema/context/spring-context.xsd
		http://www.springframework.org/schema/security
		http://www.springframework.org/schema/security/spring-security.xsd">

	<!-- LDAP - Looking for file users.ldif under the classpath -->
<!-- 	<ldap-server ldif="classpath:users.ldif" /> -->

	<!-- =================== SECURITY =================== -->
	<!-- Basic Security <http-basic/> : http://localhost:8080/FitnessTrackerSecurity/ will auto reroute to Spring login page -->
	<!-- pattern="/login.html" access="permitAll, IS_AUTHENTICATED_ANONYMOUSLY" -->
	<http auto-config="true" use-expressions="true">
		<intercept-url pattern="/login.html" access="permitAll" />
		<intercept-url pattern="/loginFailed.html" access="permitAll" />
		<intercept-url pattern="/logout.html" access="permitAll" />
		<intercept-url pattern="/403.html" access="permitAll" />
		<intercept-url pattern="/405.html" access="permitAll" />
		<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
		<form-login login-page="/login.html" authentication-failure-url="/loginFailed.html"/>
		<logout logout-success-url="/logout.html" />
		<access-denied-handler error-page="/403.html"/>
	</http>
	<!-- =================== SECURITY =================== -->

	<!-- Create a ROLE_USER ( MySql ) using user-service-def and <beans:bean id="userDetailService" below -->
	<!-- Replace it by jdbc-user-service data-source-ref -->
	<!-- <authentication-manager>
		<authentication-provider user-service-ref="userDetailService" />
	</authentication-manager> -->

	<!-- Using LDAP users.ldif
	<authentication-manager>
		<ldap-authentication-provider
			group-search-filter="member={0}"
			group-search-base="ou=groups"
			user-search-base="ou=people"
			user-search-filter="uid={0}" 
		/>
	</authentication-manager> -->
	
	<!-- Configure using <jdbc-user-service> to reduce other configuration -->
	<authentication-manager>
		<authentication-provider>
			<password-encoder hash="bcrypt" />
			<jdbc-user-service data-source-ref="dataSource" />
		</authentication-provider>
	</authentication-manager>
	
	<!-- =================== MySQL: driver and JDBC =================== -->
	<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
		<beans:property name="driverClassName" value="com.mysql.jdbc.Driver"></beans:property>
		<beans:property name="url" value="jdbc:mysql://localhost:3306/fitnessTracker"></beans:property>
		<beans:property name="username" value="root"></beans:property>
		<beans:property name="password" value="password"></beans:property>
	</beans:bean>
		
	<!-- Spring JDBC Security also allow omitting the following DataSource definition, so remove the following -->
	<!-- code and the user-service-ref above, but replace the above with jdbc-user-service data-source-ref -->
<!-- 	<beans:bean id="userDetailService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
		<beans:property name="dataSource" ref="dataSource"/>
	</beans:bean> -->
	
	<!-- =================== MySQL: driver and JDBC =================== -->

</beans:beans>