Viky__9

spring security

Oct 8th, 2021
  1.  
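  /**
   * Spring Security configuration for the application: two in-memory accounts,
   * BCrypt password hashing, a relaxed {@link StrictHttpFirewall} and form login.
   *
   * <p>The block comment that wrapped the disabled exception-handling/logout
   * chain in {@link #configure(HttpSecurity)} was never closed, which swallowed
   * the closing braces of the method and the class. The disabled chain is now
   * kept as line comments so the class is well-formed.
   */
  @Configuration
  @EnableWebSecurity
  public class ConfigSpringSecurity extends WebSecurityConfigurerAdapter {

      static final Logger logger = Logger.getLogger(ConfigSpringSecurity.class.getName());

      // Administrative URLs intended for the administrator only.
      // NOTE(review): this array is not referenced by any rule in configure(HttpSecurity),
      // and no active account holds the ADMIN role, so it currently has no effect.
      private static final String[] ADMIN_MATCHERS = {
          "/book/lb", "/book/libro", "/libri/delete", "/libri/aggiungi"
      };

      // URLs restricted to the OPERATORE role.
      private static final String[] OPERATOR_MATCHERS = {
          "/book/edit/**", "/book/lb", "/book/libro", "/operatori/**", "/libri/add/**",
          "/libri/delete/**", "/libri/aggiungi", "/libri/update/**", "/operatore/**"
      };

      /**
       * Provides the encoder used to hash passwords.
       *
       * @return a BCrypt password encoder
       */
      @Bean
      public BCryptPasswordEncoder pass() {
          return new BCryptPasswordEncoder();
      }

      /**
       * Declares the accounts that may log in to the application.
       *
       * @return an in-memory user store holding the accounts created below
       */
      @Bean
      public UserDetailsService user() {
          // NOTE(review): these accounts are hard-coded and each password equals its
          // username. That is acceptable only for local testing; real credentials
          // should be provisioned outside the source tree.
          final BCryptPasswordEncoder encoder = pass();
          final InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();

          // User 1. A fresh builder per account avoids carrying state between users.
          manager.createUser(
                  User.builder()
                          .username("vik")
                          .password(encoder.encode("vik"))
                          .roles("USER")
                          .build());

          // User 2.
          manager.createUser(
                  User.builder()
                          .username("prova")
                          .password(encoder.encode("prova"))
                          .roles("USER", "OPERATORE")
                          .build());

          // User 3 (disabled in the original):
          // manager.createUser(
          //         users.username("Vik").password(new BCryptPasswordEncoder().encode("Abc1234"))
          //                 .roles("USER", "OPERATORE", "ADMIN").build());

          return manager;
      }

      /**
       * Builds the HTTP firewall with two of the strict defaults switched off.
       *
       * @return a {@link StrictHttpFirewall} that accepts URL-encoded slashes and semicolons
       */
      @Bean
      public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
          final StrictHttpFirewall firewall = new StrictHttpFirewall();
          // NOTE(review): both setters relax checks that StrictHttpFirewall applies by
          // default. Encoded slashes and semicolons in a path can make the URL seen by
          // the ant matchers differ from the one the handler resolves, so enable each
          // only if a concrete route needs it, and cover those routes with tests.
          firewall.setAllowUrlEncodedSlash(true);
          firewall.setAllowSemicolon(true);
          return firewall;
      }

      /**
       * Wires the in-memory user store and the BCrypt encoder into authentication.
       *
       * @param auth the authentication manager builder supplied by Spring Security
       * @throws Exception if the builder rejects the configuration
       */
      @Override
      public void configure(final AuthenticationManagerBuilder auth) throws Exception {
          auth.userDetailsService(user()).passwordEncoder(pass());
      }

      /**
       * Declares the URL authorization rules and the form-login setup.
       *
       * @param http the HTTP security builder supplied by Spring Security
       * @throws Exception if the builder rejects the configuration
       */
      @Override
      protected void configure(final HttpSecurity http) throws Exception {
          // NOTE(review): there is no anyRequest() rule, so a URL that matches none of
          // the patterns below has no authorization rule applied to it. Adding
          // .anyRequest().authenticated() would also require permitting the login page
          // ("/login/controllo"), which is not listed here.
          http.authorizeRequests()
                  .antMatchers("/login/").permitAll()
                  //.antMatchers("/login/controllo")
                  .antMatchers("/book/all/").permitAll()
                  .antMatchers("/book/autore/").permitAll()
                  .antMatchers("/book/trovatoAutore/").permitAll()
                  .antMatchers(OPERATOR_MATCHERS).hasRole("OPERATORE")
                  // Disabled in the original:
                  // .antMatchers("/book/aggiungi/**").hasRole("OPERATORE")
                  // .antMatchers("/book/delete/**").hasRole("OPERATORE")
                  .and()
                  .formLogin() // login form configuration
                  .loginPage("/login/controllo")
                  .loginProcessingUrl("/login")
                  // NOTE(review): failureUrl takes a redirect target, not an ant pattern;
                  // "/login/**" is used literally. Confirm the intended failure page.
                  .failureUrl("/login/**")
                  .usernameParameter("username")
                  .passwordParameter("password");

          // Disabled in the original (this is the chain whose comment was left open):
          // .and()
          // .exceptionHandling()
          // .accessDeniedPage("/login/**")
          // .and()
          // .logout() // to perform the logout
          // .logoutUrl("/login/**");
          // .and().csrf().disable();
          // CSRF protection therefore stays at its default; keep it that way for form login.
      }
  }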
  86.  
  87. ----------------------------------------------------------------------
  88.  
  89. import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
  90.  
  /**
   * Servlet-container initializer for Spring Security.
   *
   * <p>The class declares nothing of its own; all behaviour is inherited from
   * {@link AbstractSecurityWebApplicationInitializer}.
   * NOTE(review): presumably this is what registers the security filter chain with
   * the container; confirm it can find the configuration, which AppInitializer
   * loads into the dispatcher servlet's context and not a root context.
   */
  public class WebAppSecurityInizializer
          extends AbstractSecurityWebApplicationInitializer {
  }
  94.  
  95.  
  96. -----------------------------------------------------------------------------
  97.  
  /**
   * Bootstraps the dispatcher servlet from Java configuration classes.
   *
   * <p>NOTE(review): {@code ConfigSpringSecurity} is registered as a servlet-level
   * configuration class and no root configuration is declared. Confirm the
   * security filter set up by {@code WebAppSecurityInizializer} resolves its beans
   * from this context in the deployed container.
   */
  public class AppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

      /**
       * Declares the root application context configuration.
       *
       * @return {@code null}; no root configuration classes are declared
       */
      @Override
      protected Class<?>[] getRootConfigClasses() {
          return null;
      }

      /**
       * Declares the configuration classes for the dispatcher servlet's context.
       *
       * @return the web configuration and the security configuration
       */
      @Override
      protected Class<?>[] getServletConfigClasses() {
          final Class<?>[] servletConfig = {WebConfig.class, ConfigSpringSecurity.class};
          return servletConfig;
      }

      /**
       * Declares the URL patterns handled by the dispatcher servlet.
       *
       * @return a single mapping, {@code "/"}
       */
      @Override
      protected String[] getServletMappings() {
          final String[] mappings = {"/"};
          return mappings;
      }

      /**
       * Creates the dispatcher servlet with "no handler found" reported as an exception.
       *
       * @param servletAppContext the context the dispatcher servlet will use
       * @return the configured dispatcher servlet
       */
      @Override
      protected FrameworkServlet createDispatcherServlet(WebApplicationContext servletAppContext) {
          final DispatcherServlet dispatcher = new DispatcherServlet(servletAppContext);
          // Requests with no matching handler raise an exception instead of being
          // answered by the servlet's default not-found handling.
          dispatcher.setThrowExceptionIfNoHandlerFound(true);
          return dispatcher;
      }
  }
  127.  