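/**
 * Spring Security configuration for the web application.
 *
 * <p>Defines an in-memory user store, the BCrypt password encoder, a relaxed
 * {@link StrictHttpFirewall}, and the URL authorization rules with form login.
 *
 * <p>CSRF protection is not disabled here, so the framework default stays in effect.
 */
@Configuration
@EnableWebSecurity
public class ConfigSpringSecurity extends WebSecurityConfigurerAdapter {

    static final Logger logger = Logger.getLogger(ConfigSpringSecurity.class.getName());

    // Administrative URLs intended for the administrator only.
    // NOTE(review): this array is never passed to antMatchers(), so no rule requires an
    // ADMIN role. Every entry is also covered by OPERATOR_Matchers, which means these
    // URLs are currently guarded by the OPERATORE role instead. Confirm the intended policy.
    private static final String[] ADMIN_Matcher = {
        "/book/lb", "/book/libro", "/libri/delete", "/libri/aggiungi"
    };

    // URLs that require the OPERATORE role.
    private static final String[] OPERATOR_Matchers = {
        "/book/edit/**", "/book/lb", "/book/libro", "/operatori/**", "/libri/add/**",
        "/libri/delete/**", "/libri/aggiungi", "/libri/update/**", "/operatore/**"
    };

    /**
     * Password encoder used to hash and verify user passwords.
     *
     * @return a BCrypt encoder with the library's default settings
     */
    @Bean
    public BCryptPasswordEncoder pass() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the in-memory store of users allowed to log in.
     *
     * <p>SECURITY: the accounts below are hard-coded and each password is identical to its
     * username. That is trivially guessable and lives in source control. Treat these as
     * development fixtures only; before the application is reachable by anyone else, load
     * accounts from an external store or from configuration that is not committed.
     *
     * <p>No account holds the ADMIN role: the only user that had it was commented out in
     * the original and has been dropped here together with its literal password.
     *
     * @return the populated user details service
     */
    @Bean
    public UserDetailsService user() {
        // Reuse the encoder bean rather than constructing a new encoder per user.
        BCryptPasswordEncoder encoder = pass();
        UserBuilder users = User.builder();
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();

        // User 1
        manager.createUser(
                users.username("vik").password(encoder.encode("vik"))
                        .roles("USER").build());

        // User 2
        manager.createUser(
                users.username("prova").password(encoder.encode("prova"))
                        .roles("USER", "OPERATORE").build());

        return manager;
    }

    /**
     * HTTP firewall that accepts URL-encoded slashes and semicolons in request URLs.
     *
     * <p>SECURITY: {@link StrictHttpFirewall} rejects both by default because an encoded
     * slash or a {@code ;param} path segment can make the path that the security matchers
     * see differ from the path that is finally dispatched, which can let a request slip
     * past an authorization rule. Both protections are switched off here. Keep a
     * relaxation only if a concrete endpoint needs it, and re-check the Ant patterns in
     * {@link #configure(HttpSecurity)} against such URLs.
     *
     * @return the relaxed firewall
     */
    @Bean
    public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
        StrictHttpFirewall firewall = new StrictHttpFirewall();
        firewall.setAllowUrlEncodedSlash(true);
        firewall.setAllowSemicolon(true);
        return firewall;
    }

    /**
     * Wires the in-memory users and the BCrypt encoder into authentication.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(user()).passwordEncoder(pass());
    }

    /**
     * Declares the URL authorization rules and the form-login endpoints.
     *
     * <p>The original ended with a block comment that was opened but never closed, which
     * swallowed the closing braces of the method and the class. The disabled
     * exception-handling and logout settings it contained remain disabled.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login/").permitAll()
                .antMatchers("/book/all/").permitAll()
                .antMatchers("/book/autore/").permitAll()
                .antMatchers("/book/trovatoAutore/").permitAll()
                .antMatchers(OPERATOR_Matchers).hasRole("OPERATORE")
                // NOTE(review): there is no catch-all rule, so any URL that matches none
                // of the patterns above is served without authentication. A default-deny
                // policy would end this chain with `.anyRequest().authenticated()` and
                // add `.permitAll()` to the formLogin() section; static resources and the
                // public pages would then need their own permitAll() entries.
                .and()
            .formLogin()
                .loginPage("/login/controllo")
                .loginProcessingUrl("/login")
                // NOTE(review): "/login/**" is an Ant pattern, but failureUrl() takes a
                // literal redirect target. Confirm which page should be shown after a
                // failed login (commonly the login page with an error parameter).
                .failureUrl("/login/**")
                .usernameParameter("username")
                .passwordParameter("password");
        // Custom access-denied page and logout URL were commented out in the original
        // and stay unconfigured; Spring Security's defaults apply to both.
    }
}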
- ----------------------------------------------------------------------
- import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
/**
 * Servlet-container hook for Spring Security.
 *
 * <p>Declares no members of its own; everything is inherited from
 * {@link AbstractSecurityWebApplicationInitializer}, which registers the
 * {@code springSecurityFilterChain} filter at startup.
 */
public class WebAppSecurityInizializer extends AbstractSecurityWebApplicationInitializer {}
- -----------------------------------------------------------------------------
/**
 * Bootstraps the Spring MVC dispatcher servlet without a {@code web.xml}.
 *
 * <p>NOTE(review): the security configuration is registered in the servlet context and
 * there is no root context. The security filter has to locate its beans in that servlet
 * context; confirm this works on the Spring version in use, or move
 * {@code ConfigSpringSecurity} to the root configuration classes.
 */
public class AppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    /** No root application context is configured. */
    @Override
    protected Class<?>[] getRootConfigClasses() {
        return null;
    }

    /** Configuration classes loaded into the dispatcher servlet's context. */
    @Override
    protected Class<?>[] getServletConfigClasses() {
        Class<?>[] servletConfig = {WebConfig.class, ConfigSpringSecurity.class};
        return servletConfig;
    }

    /** Maps the dispatcher servlet to the application root. */
    @Override
    protected String[] getServletMappings() {
        String[] mappings = {"/"};
        return mappings;
    }

    /**
     * Creates the dispatcher servlet and makes it throw when no handler matches a
     * request, instead of answering with the container's default 404 response.
     */
    @Override
    protected FrameworkServlet createDispatcherServlet(WebApplicationContext servletAppContext) {
        DispatcherServlet dispatcher = new DispatcherServlet(servletAppContext);
        dispatcher.setThrowExceptionIfNoHandlerFound(true);
        return dispatcher;
    }
}