package com.miw.gildedroseexpands;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
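/**
 * Spring Security configuration for the application.
 *
 * Deliberately minimal:
 * a) an {@link InMemoryUserDetailsManager} holding two fixed users —
 *    guest / password (ROLE_USER) and admin / admin (ROLE_ADMIN, ROLE_USER);
 * b) HTTP BASIC authentication;
 * c) the relaxations the embedded H2 console needs (a CSRF exemption and
 *    frame embedding), scoped to the console's own paths rather than the
 *    whole application.
 *
 * NOTE(review): the hard-coded credentials and {@code withDefaultPasswordEncoder()}
 * are for local development only; a deployment needs a real user store and a
 * {@code PasswordEncoder} bean (e.g. BCrypt). {@code WebSecurityConfigurerAdapter}
 * is deprecated since Spring Security 5.7 and gone in 6.0; a
 * {@code SecurityFilterChain} bean is the replacement once the Spring version allows.
 * Because CSRF protection is now active for everything except the H2 console,
 * any HTML form or client that POSTs (e.g. to /buy) must send the CSRF token.
 */
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** Paths served by the embedded H2 console — admin-only, and not for production. */
    private static final String[] H2_CONSOLE_PATHS = {"/h2-console", "/h2-console/**"};

    /**
     * Trivial in-memory user store with two fixed accounts: guest/password
     * (ROLE_USER) and admin/admin (ROLE_ADMIN and ROLE_USER).
     *
     * {@code withDefaultPasswordEncoder()} is Spring's deprecated demo helper;
     * the plaintext credentials still live in source control. Replace with a
     * real user database plus a {@code PasswordEncoder} before any deployment.
     * Authority names keep the {@code ROLE_} prefix because {@code hasRole("X")}
     * in {@link #configure(HttpSecurity)} matches the authority {@code ROLE_X}.
     *
     * @return the manager holding the two demo users
     */
    @Bean
    public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
        final var guest = User.withDefaultPasswordEncoder()
                .username("guest")
                .password("password")
                .authorities("ROLE_USER")
                .build();
        final var admin = User.withDefaultPasswordEncoder()
                .username("admin")
                .password("admin")
                .authorities("ROLE_ADMIN", "ROLE_USER")
                .build();
        return new InMemoryUserDetailsManager(guest, admin);
    }

    /**
     * Authorization rules, BASIC authentication, and the H2-console relaxations.
     *
     * Rules are evaluated in order, most specific first. Previously only the
     * H2 console had a rule, and Spring Security permits any request that no
     * rule matches — so /admin, /inventory and /buy were reachable anonymously.
     * The role guards below restore the mapping this file had documented for
     * those paths; everything else (e.g. /items) remains public, now stated
     * explicitly via {@code anyRequest().permitAll()}.
     *
     * @param http the builder Spring hands to this adapter
     * @throws Exception propagated from the {@link HttpSecurity} builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // The console exposes the whole database: admin only, and
                // REMOVE the H2 console mapping entirely for production.
                .antMatchers(H2_CONSOLE_PATHS).hasRole("ADMIN")
                .antMatchers("/admin", "/admin/**", "/inventory").hasRole("ADMIN")
                .antMatchers("/buy", "/buy/**").hasRole("USER")
                // Unmatched requests were already permitted by default; make
                // the public surface explicit so a reviewer can see it.
                .anyRequest().permitAll()
                .and()
            .httpBasic();
        // H2's own forms carry no Spring CSRF token, so exempt only its paths
        // instead of switching CSRF protection off for the whole application.
        http.csrf().ignoringAntMatchers(H2_CONSOLE_PATHS);
        // The console renders itself in frames from the same origin; SAMEORIGIN
        // is enough for it and keeps clickjacking protection for every other page.
        http.headers().frameOptions().sameOrigin();
    }
}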