исправил конфигурацию сервиса безопасности

This commit is contained in:
Anton Romanov 2023-12-05 16:19:11 +04:00
parent 82dfb189dd
commit 928e7a1e30

View File

@ -16,6 +16,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@ -24,11 +25,16 @@ public class SecurityConfiguration {
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class); private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
private final UserService userService; private final UserService userService;
private final BCryptPasswordEncoder bCryptPasswordEncoder; private final BCryptPasswordEncoder bCryptPasswordEncoder;
private final AuthenticationSuccessHandler authenticationSuccessHandler;
//private final LogoutSuccessHandler logoutSuccessHandler;
public SecurityConfiguration(UserService userService, public SecurityConfiguration(UserService userService,
BCryptPasswordEncoder bCryptPasswordEncoder) { BCryptPasswordEncoder bCryptPasswordEncoder,
AuthenticationSuccessHandler authenticationSuccessHandler) {
this.userService = userService; this.userService = userService;
this.bCryptPasswordEncoder = bCryptPasswordEncoder; this.bCryptPasswordEncoder = bCryptPasswordEncoder;
this.authenticationSuccessHandler = authenticationSuccessHandler;
} }
@Bean @Bean
@ -39,6 +45,7 @@ public class SecurityConfiguration {
//.requestMatchers(UserController.ACTIVATE_URL).permitAll() //.requestMatchers(UserController.ACTIVATE_URL).permitAll()
.requestMatchers(Constants.PASSWORD_RESET_REQUEST_PAGE).permitAll() .requestMatchers(Constants.PASSWORD_RESET_REQUEST_PAGE).permitAll()
.requestMatchers(Constants.PASSWORD_RESET_PAGE).permitAll() .requestMatchers(Constants.PASSWORD_RESET_PAGE).permitAll()
.requestMatchers(Constants.CONTACTS_PAGE).permitAll()
//.requestMatchers(UserController.URL + UserController.REGISTER_URL).permitAll() //.requestMatchers(UserController.URL + UserController.REGISTER_URL).permitAll()
//.requestMatchers(UserController.URL + UserController.ACTIVATE_URL).permitAll() //.requestMatchers(UserController.URL + UserController.ACTIVATE_URL).permitAll()
//.requestMatchers(UserController.URL + UserController.PASSWORD_RESET_REQUEST_URL).permitAll() //.requestMatchers(UserController.URL + UserController.PASSWORD_RESET_REQUEST_URL).permitAll()
@ -46,8 +53,9 @@ public class SecurityConfiguration {
.requestMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN) .requestMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
.anyRequest().authenticated()) .anyRequest().authenticated())
.formLogin(fl -> fl .formLogin(fl -> fl
.loginPage("/login") .loginPage("/logform")
//.successHandler(authenticationSuccessHandler) .successHandler(authenticationSuccessHandler)
.defaultSuccessUrl("/", true)
.permitAll()) .permitAll())
.csrf(AbstractHttpConfigurer::disable) .csrf(AbstractHttpConfigurer::disable)
.logout(l -> l .logout(l -> l
@ -62,7 +70,7 @@ public class SecurityConfiguration {
@Bean @Bean
public WebSecurityCustomizer webSecurityCustomizer() { public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring().requestMatchers("/css/**", "/js/**", "/templates/**", "/webjars/**"); return (web) -> web.ignoring().requestMatchers("/assets.js/**", "/bootstrap_theme/**", "/bootstrap/**", "/css/**", "/js/**", "/templates/**", "/webjars/**");
} }
@Autowired @Autowired