Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
@Configuration
@EnableConfigurationProperties({ CommandLineSecurityConfigurer.class })
@ConditionalOnNotWebApplication
public class NonWebSecurityConfig {
@Bean
public GrantedAuthority createGrantedAuthority(CommandLineSecurityConfigurer cliSecurityConfigurer) {
return new SimpleGrantedAuthority("ROLE_" + cliSecurityConfigurer.getRequiredRole());
}
}
@Configuration
@ConditionalOnWebApplication
@EnableConfigurationProperties({WebSecurityConfigurer.class})
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private WebSecurityConfigurer webSecurityConfigurer;
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers(webSecurityConfigurer.getAdminEndpoints()).hasRole("ADMIN")
.antMatchers(webSecurityConfigurer.getUserEndpoints()).hasRole("USER")
.antMatchers(webSecurityConfigurer.getUnsecuredEndpoints()).permitAll()
.antMatchers("/login*").permitAll()
.anyRequest().authenticated()
.and()
.formLogin();
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment