You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
43 lines
1.5 KiB
43 lines
1.5 KiB
package com.mousetech.gourmetj;
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
|
|
@Configuration
|
|
@EnableWebSecurity
|
|
public class SpringSecurityConfig
|
|
extends WebSecurityConfigurerAdapter {
|
|
|
|
@Override
|
|
protected void configure(HttpSecurity http)
|
|
throws Exception {
|
|
// require all requests to be authenticated except
|
|
// for the resources
|
|
http.authorizeRequests()
|
|
.antMatchers("/javax.faces.resource/**", "/main.jsf",
|
|
"/img/**", "/recipeDetails.jsf")
|
|
.permitAll().anyRequest().authenticated();
|
|
// login
|
|
http.formLogin()// .loginPage("/login.xhtml")
|
|
.permitAll();
|
|
// .failureUrl("/login.xhtml?error=true");
|
|
// logout
|
|
// http.logout().logoutSuccessUrl("/login.xhtml");
|
|
// not needed as JSF 2.2 is implicitly protected
|
|
// against CSRF
|
|
http.csrf().disable();
|
|
}
|
|
|
|
@Autowired
|
|
public void configureGlobal(
|
|
AuthenticationManagerBuilder auth) throws Exception {
|
|
auth.inMemoryAuthentication().withUser("tim.holloway")
|
|
.password("{noop}secret").roles("ADMIN").and()
|
|
.withUser("jane.doe").password("{noop}5678")
|
|
.roles("USER");
|
|
}
|
|
}
|
|
|