|
|
@ -16,6 +16,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|
|
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
|
|
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
|
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
|
|
import org.springframework.security.web.SecurityFilterChain;
|
|
|
|
import org.springframework.security.web.SecurityFilterChain;
|
|
|
|
|
|
|
|
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
|
|
|
|
|
|
|
|
|
|
|
@Configuration
|
|
|
|
@Configuration
|
|
|
|
@EnableWebSecurity
|
|
|
|
@EnableWebSecurity
|
|
|
@ -24,11 +25,16 @@ public class SecurityConfiguration {
|
|
|
|
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
|
|
|
|
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
|
|
|
|
private final UserService userService;
|
|
|
|
private final UserService userService;
|
|
|
|
private final BCryptPasswordEncoder bCryptPasswordEncoder;
|
|
|
|
private final BCryptPasswordEncoder bCryptPasswordEncoder;
|
|
|
|
|
|
|
|
private final AuthenticationSuccessHandler authenticationSuccessHandler;
|
|
|
|
|
|
|
|
//private final LogoutSuccessHandler logoutSuccessHandler;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public SecurityConfiguration(UserService userService,
|
|
|
|
public SecurityConfiguration(UserService userService,
|
|
|
|
BCryptPasswordEncoder bCryptPasswordEncoder) {
|
|
|
|
BCryptPasswordEncoder bCryptPasswordEncoder,
|
|
|
|
|
|
|
|
AuthenticationSuccessHandler authenticationSuccessHandler) {
|
|
|
|
this.userService = userService;
|
|
|
|
this.userService = userService;
|
|
|
|
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
|
|
|
|
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
|
|
|
|
|
|
|
|
this.authenticationSuccessHandler = authenticationSuccessHandler;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Bean
|
|
|
|
@Bean
|
|
|
@ -39,6 +45,7 @@ public class SecurityConfiguration {
|
|
|
|
//.requestMatchers(UserController.ACTIVATE_URL).permitAll()
|
|
|
|
//.requestMatchers(UserController.ACTIVATE_URL).permitAll()
|
|
|
|
.requestMatchers(Constants.PASSWORD_RESET_REQUEST_PAGE).permitAll()
|
|
|
|
.requestMatchers(Constants.PASSWORD_RESET_REQUEST_PAGE).permitAll()
|
|
|
|
.requestMatchers(Constants.PASSWORD_RESET_PAGE).permitAll()
|
|
|
|
.requestMatchers(Constants.PASSWORD_RESET_PAGE).permitAll()
|
|
|
|
|
|
|
|
.requestMatchers(Constants.CONTACTS_PAGE).permitAll()
|
|
|
|
//.requestMatchers(UserController.URL + UserController.REGISTER_URL).permitAll()
|
|
|
|
//.requestMatchers(UserController.URL + UserController.REGISTER_URL).permitAll()
|
|
|
|
//.requestMatchers(UserController.URL + UserController.ACTIVATE_URL).permitAll()
|
|
|
|
//.requestMatchers(UserController.URL + UserController.ACTIVATE_URL).permitAll()
|
|
|
|
//.requestMatchers(UserController.URL + UserController.PASSWORD_RESET_REQUEST_URL).permitAll()
|
|
|
|
//.requestMatchers(UserController.URL + UserController.PASSWORD_RESET_REQUEST_URL).permitAll()
|
|
|
@ -46,8 +53,9 @@ public class SecurityConfiguration {
|
|
|
|
.requestMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
|
|
|
|
.requestMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
|
|
|
|
.anyRequest().authenticated())
|
|
|
|
.anyRequest().authenticated())
|
|
|
|
.formLogin(fl -> fl
|
|
|
|
.formLogin(fl -> fl
|
|
|
|
.loginPage("/login")
|
|
|
|
.loginPage("/logform")
|
|
|
|
//.successHandler(authenticationSuccessHandler)
|
|
|
|
.successHandler(authenticationSuccessHandler)
|
|
|
|
|
|
|
|
.defaultSuccessUrl("/", true)
|
|
|
|
.permitAll())
|
|
|
|
.permitAll())
|
|
|
|
.csrf(AbstractHttpConfigurer::disable)
|
|
|
|
.csrf(AbstractHttpConfigurer::disable)
|
|
|
|
.logout(l -> l
|
|
|
|
.logout(l -> l
|
|
|
@ -62,7 +70,7 @@ public class SecurityConfiguration {
|
|
|
|
|
|
|
|
|
|
|
|
@Bean
|
|
|
|
@Bean
|
|
|
|
public WebSecurityCustomizer webSecurityCustomizer() {
|
|
|
|
public WebSecurityCustomizer webSecurityCustomizer() {
|
|
|
|
return (web) -> web.ignoring().requestMatchers("/css/**", "/js/**", "/templates/**", "/webjars/**");
|
|
|
|
return (web) -> web.ignoring().requestMatchers("/assets.js/**", "/bootstrap_theme/**", "/bootstrap/**", "/css/**", "/js/**", "/templates/**", "/webjars/**");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Autowired
|
|
|
|
@Autowired
|
|
|
|
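Review bot: In the `formLogin` block, `.defaultSuccessUrl("/", true)` is chained after `.successHandler(authenticationSuccessHandler)`. In Spring Security `defaultSuccessUrl` installs its own `SavedRequestAwareAuthenticationSuccessHandler` through the same setter, so the later call wins and the newly injected handler is never invoked. If that handler does anything at login beyond redirecting (audit logging or session setup, for example; its body is not visible here), that work is silently skipped. Remove the `.defaultSuccessUrl("/", true)` line and let the handler issue the redirect, or drop the handler wiring and constructor parameter if the fixed redirect is what is intended. The enclosing filter-chain method starts and ends outside the visible hunks.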