Added security config

This commit is contained in:
Tim Holloway 2022-01-17 16:23:34 -05:00
parent d708029fb6
commit 8cc60e2fbf

View File

@ -0,0 +1,43 @@
package com.mousetech.gourmetj;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig
extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http)
throws Exception {
// require all requests to be authenticated except
// for the resources
http.authorizeRequests()
.antMatchers("/javax.faces.resource/**", "/main.jsf",
"/img/**", "/recipeDetails.jsf")
.permitAll().anyRequest().authenticated();
// login
http.formLogin()// .loginPage("/login.xhtml")
.permitAll();
// .failureUrl("/login.xhtml?error=true");
// logout
// http.logout().logoutSuccessUrl("/login.xhtml");
// not needed as JSF 2.2 is implicitly protected
// against CSRF
http.csrf().disable();
}
@Autowired
public void configureGlobal(
AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("tim.holloway")
.password("{noop}secret").roles("ADMIN").and()
.withUser("jane.doe").password("{noop}5678")
.roles("USER");
}
}