1 package org.springframework.security.oauth.examples.sparklr.config;
2
3 import org.springframework.context.annotation.Bean;
4 import org.springframework.context.annotation.Configuration;
5 import org.springframework.security.authentication.AuthenticationManager;
6 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
7 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
8 import org.springframework.security.config.annotation.web.builders.WebSecurity;
9 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
10 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
11 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
12
13 @Configuration
14 @EnableWebSecurity
15 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
16
17 @Override
18 protected void configure(AuthenticationManagerBuilder auth) throws Exception {
19 auth.inMemoryAuthentication().withUser("marissa").password("koala").roles("USER").and().withUser("paul")
20 .password("emu").roles("USER");
21 }
22
23 @Override
24 public void configure(WebSecurity web) throws Exception {
25 web.ignoring().antMatchers("/webjars/**", "/images/**", "/oauth/uncache_approvals", "/oauth/cache_approvals");
26 }
27
28 @Override
29 @Bean
30 public AuthenticationManager authenticationManagerBean() throws Exception {
31 return super.authenticationManagerBean();
32 }
33
34 @Override
35 protected void configure(HttpSecurity http) throws Exception {
36
37 http
38 .authorizeRequests().antMatchers("/login.jsp").permitAll().and()
39 .authorizeRequests()
40 .anyRequest().hasRole("USER")
41 .and()
42 .exceptionHandling()
43 .accessDeniedPage("/login.jsp?authorization_error=true")
44 .and()
45
46 .csrf()
47 .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable()
48 .logout()
49 .logoutSuccessUrl("/index.jsp")
50 .logoutUrl("/logout.do")
51 .and()
52 .formLogin()
53 .usernameParameter("j_username")
54 .passwordParameter("j_password")
55 .failureUrl("/login.jsp?authentication_error=true")
56 .loginPage("/login.jsp")
57 .loginProcessingUrl("/login.do");
58
59 }
60 }