исправил конфигурацию сервиса безопасности

This commit is contained in:
Anton Romanov 2023-12-05 16:19:11 +04:00
parent 82dfb189dd
commit 928e7a1e30

View File

@ -16,6 +16,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
@Configuration
@EnableWebSecurity
@ -24,11 +25,16 @@ public class SecurityConfiguration {
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
private final UserService userService;
private final BCryptPasswordEncoder bCryptPasswordEncoder;
private final AuthenticationSuccessHandler authenticationSuccessHandler;
//private final LogoutSuccessHandler logoutSuccessHandler;
public SecurityConfiguration(UserService userService,
BCryptPasswordEncoder bCryptPasswordEncoder) {
BCryptPasswordEncoder bCryptPasswordEncoder,
AuthenticationSuccessHandler authenticationSuccessHandler) {
this.userService = userService;
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
this.authenticationSuccessHandler = authenticationSuccessHandler;
}
@Bean
@ -39,6 +45,7 @@ public class SecurityConfiguration {
//.requestMatchers(UserController.ACTIVATE_URL).permitAll()
.requestMatchers(Constants.PASSWORD_RESET_REQUEST_PAGE).permitAll()
.requestMatchers(Constants.PASSWORD_RESET_PAGE).permitAll()
.requestMatchers(Constants.CONTACTS_PAGE).permitAll()
//.requestMatchers(UserController.URL + UserController.REGISTER_URL).permitAll()
//.requestMatchers(UserController.URL + UserController.ACTIVATE_URL).permitAll()
//.requestMatchers(UserController.URL + UserController.PASSWORD_RESET_REQUEST_URL).permitAll()
@ -46,8 +53,9 @@ public class SecurityConfiguration {
.requestMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
.anyRequest().authenticated())
.formLogin(fl -> fl
.loginPage("/login")
//.successHandler(authenticationSuccessHandler)
.loginPage("/logform")
.successHandler(authenticationSuccessHandler)
.defaultSuccessUrl("/", true)
.permitAll())
.csrf(AbstractHttpConfigurer::disable)
.logout(l -> l
@ -62,7 +70,7 @@ public class SecurityConfiguration {
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring().requestMatchers("/css/**", "/js/**", "/templates/**", "/webjars/**");
return (web) -> web.ignoring().requestMatchers("/assets.js/**", "/bootstrap_theme/**", "/bootstrap/**", "/css/**", "/js/**", "/templates/**", "/webjars/**");
}
@Autowired