Created
June 24, 2019 20:04
-
-
Save ngueno/dc0406d42dbef42255f495a1afbb6581 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package com.ngueno.app.ws.security; | |
import org.springframework.http.HttpMethod; | |
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; | |
import org.springframework.security.config.annotation.web.builders.HttpSecurity; | |
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; | |
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; | |
import org.springframework.security.config.http.SessionCreationPolicy; | |
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; | |
import com.ngueno.app.ws.service.UserService; | |
@EnableWebSecurity | |
public class WebSecurity extends WebSecurityConfigurerAdapter { | |
private final UserService userDetailsService; | |
private final BCryptPasswordEncoder bCryptPasswordEncoder; | |
public WebSecurity(UserService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) { | |
super(); | |
this.userDetailsService = userDetailsService; | |
this.bCryptPasswordEncoder = bCryptPasswordEncoder; | |
} | |
@Override | |
protected void configure(HttpSecurity http) throws Exception { | |
http.csrf().disable().authorizeRequests() | |
.antMatchers(HttpMethod.POST, SecurityConstants.SIGN_UP_URL) | |
.permitAll() | |
.anyRequest().authenticated().and() | |
.addFilter(getAuthenticationFilter()) | |
.addFilter(new AuthorizationFilter(authenticationManager())) | |
.sessionManagement() | |
.sessionCreationPolicy(SessionCreationPolicy.STATELESS) | |
; | |
} | |
@Override | |
protected void configure(AuthenticationManagerBuilder auth) throws Exception { | |
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder); | |
} | |
public AuthenticationFilter getAuthenticationFilter() throws Exception { | |
final AuthenticationFilter filter = new AuthenticationFilter(authenticationManager()); | |
filter.setFilterProcessesUrl("/users/login"); | |
return filter; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment