java-tutorials/spring-security-mvc-boot/src/main/java/com/baeldung/SpringSecurityConfig.java

package com.baeldung;

import javax.annotation.PostConstruct;
import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
import org.springframework.web.context.WebApplicationContext;

import com.baeldung.security.AuthenticationSuccessHandlerImpl;
import com.baeldung.security.CustomUserDetailsService;

@Configuration
@EnableWebSecurity
@ComponentScan("com.baeldung.security")
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private WebApplicationContext applicationContext;
    private CustomUserDetailsService userDetailsService;
    @Autowired
    private AuthenticationSuccessHandlerImpl successHandler;
    @Autowired
    private DataSource dataSource;

    @PostConstruct
    public void completeSetup() {
        userDetailsService = applicationContext.getBean(CustomUserDetailsService.class);
    }

    @Override
    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
            .passwordEncoder(encoder())
            .and()
            .authenticationProvider(authenticationProvider())
            .jdbcAuthentication()
            .dataSource(dataSource);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers("/resources/**");
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/login")
            .permitAll()
            .and()
            .formLogin()
            .permitAll()
            .successHandler(successHandler)
            .and()
            .csrf()
            .disable();
    }

    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        final DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(userDetailsService);
        authProvider.setPasswordEncoder(encoder());
        return authProvider;
    }

    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder(11);
    }

    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}
Ocheja fix (#3572) * Define beans for handling different message types in a lean chat app * Add class based spring beans configuration * Define spring configuration in XML for constructor based bean injection * Refactor package structure to separate constructor based bean injection code set from setter based bean injection code set * Define configuration and classes specific to setter-based bean injection. * Implement tests for constructor-based and setter-based bean injections * develop codes for explaining type erasure * Write unit tests for type erasure examples * Remove evaluation article code * Modify type erasure examples and unit tests * Modify type erasure examples and unit tests * Add expected exception in TypeErasureUnitTest * Correct grammar in class name * Implement File Manager app to demonstrate Polymorphism. Develop unit tests for Polymorphism article code * Add examples for static polymorphism * Change sysout statments to slf4j log info statements * Add assertions and expected errors check on Test * Add assertions and expected errors check on Test * Correct compile time error of symbol not found * Removed commented out non-compiling test. * Replace string concatenations with String.format * Replace string concatenations with String.format * Remove verbose file info descriptor and replace with simpler one * Add example codes for Hibernate Interceptors article Write tests for session-scoped and sessionFactory-scoped interceptors * Implement serializable on customInterceptorImpl * Implement examples for spring data with spring security integration * Remove webapp example implementations; too extensive 2018-02-03 12:37:28 +01:00			`package com.baeldung;`

			`import javax.annotation.PostConstruct;`
			`import javax.sql.DataSource;`

			`import org.springframework.beans.factory.annotation.Autowired;`
			`import org.springframework.context.annotation.Bean;`
			`import org.springframework.context.annotation.ComponentScan;`
			`import org.springframework.context.annotation.Configuration;`
			`import org.springframework.security.authentication.dao.DaoAuthenticationProvider;`
			`import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;`
			`import org.springframework.security.config.annotation.web.builders.HttpSecurity;`
			`import org.springframework.security.config.annotation.web.builders.WebSecurity;`
			`import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;`
			`import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;`
			`import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;`
			`import org.springframework.security.crypto.password.PasswordEncoder;`
			`import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;`
			`import org.springframework.web.context.WebApplicationContext;`

			`import com.baeldung.security.AuthenticationSuccessHandlerImpl;`
			`import com.baeldung.security.CustomUserDetailsService;`

			`@Configuration`
			`@EnableWebSecurity`
			`@ComponentScan("com.baeldung.security")`
			`public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {`

			`@Autowired`
			`private WebApplicationContext applicationContext;`
			`private CustomUserDetailsService userDetailsService;`
			`@Autowired`
			`private AuthenticationSuccessHandlerImpl successHandler;`
			`@Autowired`
			`private DataSource dataSource;`

			`@PostConstruct`
			`public void completeSetup() {`
			`userDetailsService = applicationContext.getBean(CustomUserDetailsService.class);`
			`}`

			`@Override`
			`protected void configure(final AuthenticationManagerBuilder auth) throws Exception {`
			`auth.userDetailsService(userDetailsService)`
			`.passwordEncoder(encoder())`
			`.and()`
			`.authenticationProvider(authenticationProvider())`
			`.jdbcAuthentication()`
			`.dataSource(dataSource);`
			`}`

			`@Override`
			`public void configure(WebSecurity web) throws Exception {`
			`web.ignoring()`
			`.antMatchers("/resources/**");`
			`}`

			`@Override`
			`protected void configure(final HttpSecurity http) throws Exception {`
			`http.authorizeRequests()`
			`.antMatchers("/login")`
			`.permitAll()`
			`.and()`
			`.formLogin()`
			`.permitAll()`
			`.successHandler(successHandler)`
			`.and()`
			`.csrf()`
			`.disable();`
			`}`

			`@Bean`
			`public DaoAuthenticationProvider authenticationProvider() {`
			`final DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();`
			`authProvider.setUserDetailsService(userDetailsService);`
			`authProvider.setPasswordEncoder(encoder());`
			`return authProvider;`
			`}`

			`@Bean`
			`public PasswordEncoder encoder() {`
			`return new BCryptPasswordEncoder(11);`
			`}`

			`@Bean`
			`public SecurityEvaluationContextExtension securityEvaluationContextExtension() {`
			`return new SecurityEvaluationContextExtension();`
			`}`
			`}`