Merge pull request #15256 from Michaelin007/master
Update article HttpSecurity vs. WebSecurity
This commit is contained in:
commit
3643c289c7
|
@ -0,0 +1,78 @@
|
|||
package com.baeldung.httpsecurityvswebsecurity;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.firewall.HttpFirewall;
|
||||
import org.springframework.security.web.firewall.StrictHttpFirewall;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
@Bean
|
||||
public HttpFirewall allowHttpMethod() {
|
||||
List<String> allowedMethods = new ArrayList<String>();
|
||||
allowedMethods.add("GET");
|
||||
allowedMethods.add("POST");
|
||||
StrictHttpFirewall firewall = new StrictHttpFirewall();
|
||||
firewall.setAllowedHttpMethods(allowedMethods);
|
||||
return firewall;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public WebSecurityCustomizer fireWall() {
|
||||
return (web) -> web.httpFirewall(allowHttpMethod());
|
||||
}
|
||||
|
||||
@Bean
|
||||
public WebSecurityCustomizer ignoringCustomizer() {
|
||||
return (web) -> web.ignoring().antMatchers("/resources/**", "/static/**");
|
||||
}
|
||||
|
||||
@Bean
|
||||
public WebSecurityCustomizer debugSecurity() {
|
||||
return (web) -> web.debug(true);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public InMemoryUserDetailsManager userDetailsService() {
|
||||
UserDetails user = User.withUsername("user")
|
||||
.password(encoder().encode("userPass"))
|
||||
.roles("ADMIN")
|
||||
.build();
|
||||
return new InMemoryUserDetailsManager(user);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public PasswordEncoder encoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests((authorize) -> authorize.antMatchers("/admin/**")
|
||||
.hasRole("ADMIN")
|
||||
.anyRequest()
|
||||
.permitAll())
|
||||
.httpBasic(withDefaults())
|
||||
.formLogin(withDefaults())
|
||||
.csrf(AbstractHttpConfigurer::disable);
|
||||
return http.build();
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
package com.baeldung.httpsecurityvswebsecurity.controller;
|
||||
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/admin")
|
||||
public class AdminController {
|
||||
|
||||
@RequestMapping("/greeting")
|
||||
public String hello() {
|
||||
return "Hello Admin";
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue