java-tutorials/spring-5-security/src/main/java/com/baeldung/securityextrafields/SecurityConfig.java

package com.baeldung.securityextrafields;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@EnableWebSecurity
@PropertySource("classpath:/application-extrafields.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        
        http
            .addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
                .antMatchers("/css/**", "/index").permitAll()
                .antMatchers("/user/**").authenticated()
            .and()
            .formLogin().loginPage("/login")
            .and()
            .logout()
            .logoutUrl("/logout");
    }

    public CustomAuthenticationFilter authenticationFilter() throws Exception {
        CustomAuthenticationFilter filter = new CustomAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManagerBean());
        filter.setAuthenticationFailureHandler(failureHandler());
        return filter;
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authProvider());
    }

    public AuthenticationProvider authProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }

    public SimpleUrlAuthenticationFailureHandler failureHandler() {
        return new SimpleUrlAuthenticationFailureHandler("/login?error=true");
    }

    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
BAEL-1418 - spring security with extra login fields (#3413) * BAEL-1418 - spring security with extra login fields * change delimeter for username/domain concatenation * remove unnecessary class * move source to spring-5-security module * finish moving example code to spring-5-security module * fix formatting in pom * adjust spacing 2018-01-18 05:13:33 -05:00			`package com.baeldung.securityextrafields;`

			`import org.springframework.beans.factory.annotation.Autowired;`
			`import org.springframework.context.annotation.PropertySource;`
			`import org.springframework.security.authentication.AuthenticationProvider;`
			`import org.springframework.security.authentication.dao.DaoAuthenticationProvider;`
			`import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;`
			`import org.springframework.security.config.annotation.web.builders.HttpSecurity;`
			`import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;`
			`import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;`
			`import org.springframework.security.core.userdetails.UserDetailsService;`
			`import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;`
			`import org.springframework.security.crypto.password.PasswordEncoder;`
			`import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;`
			`import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;`

			`@EnableWebSecurity`
			`@PropertySource("classpath:/application-extrafields.properties")`
			`public class SecurityConfig extends WebSecurityConfigurerAdapter {`

			`@Autowired`
			`private UserDetailsService userDetailsService;`

			`@Override`
			`protected void configure(HttpSecurity http) throws Exception {`

			`http`
			`.addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)`
			`.authorizeRequests()`
			`.antMatchers("/css/**", "/index").permitAll()`
			`.antMatchers("/user/**").authenticated()`
			`.and()`
			`.formLogin().loginPage("/login")`
			`.and()`
			`.logout()`
			`.logoutUrl("/logout");`
			`}`

			`public CustomAuthenticationFilter authenticationFilter() throws Exception {`
			`CustomAuthenticationFilter filter = new CustomAuthenticationFilter();`
			`filter.setAuthenticationManager(authenticationManagerBean());`
			`filter.setAuthenticationFailureHandler(failureHandler());`
			`return filter;`
			`}`

			`@Autowired`
			`public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {`
			`auth.authenticationProvider(authProvider());`
			`}`

			`public AuthenticationProvider authProvider() {`
			`DaoAuthenticationProvider provider = new DaoAuthenticationProvider();`
			`provider.setUserDetailsService(userDetailsService);`
			`provider.setPasswordEncoder(passwordEncoder());`
			`return provider;`
			`}`

			`public SimpleUrlAuthenticationFailureHandler failureHandler() {`
			`return new SimpleUrlAuthenticationFailureHandler("/login?error=true");`
			`}`

			`public PasswordEncoder passwordEncoder() {`
			`return new BCryptPasswordEncoder();`
			`}`
			`}`