ApplicationSecurityConfig.java
package com.dico.authedemo.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import static com.dico.authedemo.security.UserRole.STUDENT;
/**
 * Spring Security configuration for the demo application.
 *
 * <p>Declares the URL authorization rules, selects HTTP Basic as the authentication mechanism,
 * and registers two in-memory users.
 *
 * <p>NOTE(review): both accounts use literal passwords committed to source. That is acceptable
 * for a demo only; anything deployed should load credentials from an external store or secret
 * manager instead.
 */
@Configuration
@EnableWebSecurity
public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Encoder used to hash the in-memory users' passwords before they are stored. */
    private final PasswordEncoder passwordEncoder;

    /**
     * Creates the configuration with the encoder supplied through constructor injection.
     *
     * @param passwordEncoder encoder bean; its definition is not part of this file
     */
    @Autowired
    public ApplicationSecurityConfig(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Builds the request authorization chain. Rules are evaluated in declaration order, so the
     * public matchers and the {@code /api/**} rule take precedence over the catch-all.
     *
     * @param http the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Public resources: no authentication required.
                // NOTE(review): "index" has no leading slash, so as an Ant path pattern it is
                // unlikely to match a request path such as /index. The rule fails closed (the
                // page falls through to the authenticated catch-all); confirm whether "/index"
                // or "/index.html" was intended.
                // "/css/*" and "/js/*" cover a single path segment only, not nested folders.
                .antMatchers("/", "index","/css/*", "/js/*").permitAll()
                // API endpoints require the STUDENT role.
                // NOTE(review): the admin account defined below holds only the ADMIN role, so
                // as written it does not satisfy this rule — confirm that is intended.
                .antMatchers("/api/**").hasRole(STUDENT.name())
                // Every other request must come from an authenticated user.
                .anyRequest()
                .authenticated()
                .and()
                // HTTP Basic sends the credentials on every request with only Base64 encoding,
                // so this should be served exclusively over TLS.
                .httpBasic();
    }

    /**
     * Exposes an in-memory user store holding one ADMIN and one STUDENT account.
     *
     * @return a {@link UserDetailsService} backed by {@link InMemoryUserDetailsManager}
     */
    @Bean
    @Override
    protected UserDetailsService userDetailsService() {
        // NOTE(review): hard-coded, guessable demo passwords; replace before any real use.
        UserDetails adminAccount = User.builder()
                .username("ikenna")
                .password(passwordEncoder.encode("password"))
                .roles(UserRole.ADMIN.name())
                .build();

        UserDetails studentAccount = User.builder()
                .username("linda")
                .password(passwordEncoder.encode("password1"))
                .roles(STUDENT.name())
                .build();

        return new InMemoryUserDetailsManager(studentAccount, adminAccount);
    }
}