parent
d708029fb6
commit
8cc60e2fbf
1 changed files with 43 additions and 0 deletions
@ -0,0 +1,43 @@ |
||||
package com.mousetech.gourmetj; |
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired; |
||||
import org.springframework.context.annotation.Configuration; |
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; |
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; |
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; |
||||
|
||||
@Configuration |
||||
@EnableWebSecurity |
||||
public class SpringSecurityConfig |
||||
extends WebSecurityConfigurerAdapter { |
||||
|
||||
@Override |
||||
protected void configure(HttpSecurity http) |
||||
throws Exception { |
||||
// require all requests to be authenticated except
|
||||
// for the resources
|
||||
http.authorizeRequests() |
||||
.antMatchers("/javax.faces.resource/**", "/main.jsf", |
||||
"/img/**", "/recipeDetails.jsf") |
||||
.permitAll().anyRequest().authenticated(); |
||||
// login
|
||||
http.formLogin()// .loginPage("/login.xhtml")
|
||||
.permitAll(); |
||||
// .failureUrl("/login.xhtml?error=true");
|
||||
// logout
|
||||
// http.logout().logoutSuccessUrl("/login.xhtml");
|
||||
// not needed as JSF 2.2 is implicitly protected
|
||||
// against CSRF
|
||||
http.csrf().disable(); |
||||
} |
||||
|
||||
@Autowired |
||||
public void configureGlobal( |
||||
AuthenticationManagerBuilder auth) throws Exception { |
||||
auth.inMemoryAuthentication().withUser("tim.holloway") |
||||
.password("{noop}secret").roles("ADMIN").and() |
||||
.withUser("jane.doe").password("{noop}5678") |
||||
.roles("USER"); |
||||
} |
||||
} |
Loading…
Reference in new issue