Last active
July 19, 2017 03:08
Web Security Configuration Spring
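/**
 * Spring Security configuration for the web application.
 *
 * <p>Sets up form login and HTTP Basic authentication against the injected
 * {@link UserDetailsService}, verifies passwords with BCrypt, configures logout, and
 * enables method-level security ({@code @PreAuthorize}/{@code @PostAuthorize} through
 * {@code prePostEnabled}, {@code @Secured} through {@code securedEnabled}).
 *
 * <p>Review points kept visible in the code below: CSRF protection is disabled, the
 * static-resource paths bypass the security filter chain entirely, and two pairs of
 * builder calls (failure handler/failure URL, logout handler/logout URL) compete with
 * each other.
 */
@Configuration
@EnableWebSecurity(debug = false)
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebApplicationSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    /** URL that triggers logout. */
    public static final String J_SPRING_SECURITY_LOGOUT = "/j_spring_security_logout";

    /** URL the login form posts its credentials to. */
    public static final String J_SPRING_SECURITY_CHECK = "/j_spring_security_check";

    /** Name of the request parameter that carries the user name. */
    public static final String J_USERNAME = "user";

    /** Name of the request parameter that carries the password. */
    public static final String J_PASSWORD = "password";

    /** Not referenced inside this class; kept because it is public and may be used elsewhere. */
    public static final String LOGIN_ERROR = "/login-error";

    /** Name of the session cookie removed on logout. */
    public static final String JSESSIONID = "JSESSIONID";

    /** Login page; also the target configured for a successful logout. */
    public static final String LOGIN_PAGE = "/login";

    @Inject
    private UserDetailsService userDetailsService;

    /**
     * Password hashing used both when checking credentials at login and, presumably,
     * wherever the application stores new passwords.
     *
     * @return a BCrypt encoder with the library's default strength
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers the application's {@link UserDetailsService} and the BCrypt encoder with
     * the global authentication manager.
     *
     * @param auth builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Inject
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
    }

    /**
     * Handler invoked after a successful form login.
     *
     * @return the application's success handler
     */
    // @Inject on a no-argument factory method has nothing to inject; it is kept here,
    // and on the two factory methods below, only to leave the original wiring untouched.
    @Bean
    @Inject
    public AuthenticationSuccessHandler authenticationSuccessHandler() {
        return new UsuarioSistemaAuthenticationSuccessHandler();
    }

    /**
     * Handler meant to run after a failed form login (see the note in
     * {@link #configure(HttpSecurity)} about {@code failureUrl}).
     *
     * @return the application's failure handler
     */
    @Bean
    @Inject
    public SimpleUrlAuthenticationFailureHandler authenticationFailureHandler() {
        return new AuthenticationUrlFailureHandler();
    }

    /**
     * Handler invoked after a successful logout.
     *
     * @return the application's logout success handler
     */
    @Bean
    @Inject
    public UsuarioSucessLogoutHandle usuarioSucessLogoutHandle() {
        return new UsuarioSucessLogoutHandle();
    }

    /**
     * Defines URL authorization, form login, HTTP Basic, logout and CSRF behaviour.
     *
     * @param http builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Authorization rules are evaluated in declaration order and the first
                // match wins, so the permitAll() exceptions must precede anyRequest().
                // They were previously declared after it, where they can never match
                // (newer Spring Security releases reject that ordering at startup).
                .antMatchers(LOGIN_PAGE).permitAll()
                .antMatchers("/public/**", "/resources/**", "/javax.faces.resource/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage(LOGIN_PAGE).permitAll()
                .loginProcessingUrl(J_SPRING_SECURITY_CHECK)
                .usernameParameter(J_USERNAME)
                .passwordParameter(J_PASSWORD)
                .successHandler(authenticationSuccessHandler())
                // NOTE(review): failureUrl(...) installs its own redirect handler, which
                // appears to replace the custom failure handler set just before it.
                // Keep only one of the two once the intended behaviour is confirmed.
                .failureHandler(authenticationFailureHandler()).failureUrl("/login?invalid=true")
                .and()
            // HTTP Basic sends the credentials with every request; serve the application
            // over TLS only.
            .httpBasic();

        http.logout()
            // NOTE(review): a logout success handler and a logout success URL are both
            // configured; the handler presumably takes precedence, which would make the
            // URL ineffective. Verify against the Spring Security version in use.
            .logoutUrl(J_SPRING_SECURITY_LOGOUT).logoutSuccessHandler(usuarioSucessLogoutHandle())
            .deleteCookies(JSESSIONID)
            .invalidateHttpSession(true)
            .logoutSuccessUrl(LOGIN_PAGE).permitAll();

        // NOTE(review): CSRF protection is switched off while authentication is carried
        // by the JSESSIONID cookie, so Spring Security does not protect state-changing
        // requests (logout included) against cross-site request forgery. Prefer leaving
        // CSRF enabled and sending the token from the login form and every other form;
        // keep this line only if a compensating control exists elsewhere.
        http.csrf().disable();
    }

    /**
     * Exposes the {@link AuthenticationManager} built by this adapter so that other
     * components can obtain it.
     *
     * @return the authentication manager of this configuration
     * @throws Exception if the manager cannot be built
     */
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Excludes static resources from the security filter chain.
     *
     * <p>Requests matching these patterns skip Spring Security completely: no
     * authentication, no security context and no security response headers. Nothing
     * sensitive or user-specific should be served from these paths.
     *
     * @param web builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/public/**", "/resources/**", "/javax.faces.resource/**");
    }
}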