From 9b262c9381eca09f00c1e48abad52be33275e11c Mon Sep 17 00:00:00 2001
From: DOHA <dohae243@gmail.com>
Date: Sun, 3 Apr 2016 19:13:25 +0200
Subject: [PATCH] add java configuration

---
 .../baeldung/spring/SecSecurityConfig.java    | 51 +++++++++++++++-
 .../src/main/webapp/WEB-INF/web.xml           |  9 ++-
 ...SimpleUrlAuthenticationSuccessHandler.java |  2 +-
 .../baeldung/spring/SecSecurityConfig.java    | 58 ++++++++++++++++++-
 .../src/main/webapp/WEB-INF/web.xml           | 13 ++---
 .../config/parent/SecurityConfig.java         | 31 +++++++++-
 6 files changed, 142 insertions(+), 22 deletions(-)

diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java b/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
index 4da114c78b..08cb09384b 100644
--- a/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
@@ -1,14 +1,59 @@
 package org.baeldung.spring;
 
+import org.baeldung.security.CustomLogoutSuccessHandler;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.ImportResource;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 
 @Configuration
-@ImportResource({ "classpath:webSecurityConfig.xml" })
-public class SecSecurityConfig {
+// @ImportResource({ "classpath:webSecurityConfig.xml" })
+@EnableWebSecurity
+public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
 
     public SecSecurityConfig() {
         super();
     }
 
+    @Override
+    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+        // @formatter:off
+        auth.inMemoryAuthentication()
+        .withUser("user1").password("user1Pass").roles("USER")
+        .and()
+        .withUser("user2").password("user2Pass").roles("USER");
+        // @formatter:on
+    }
+
+    @Override
+    protected void configure(final HttpSecurity http) throws Exception {
+        // @formatter:off
+        http
+        .csrf().disable()
+        .authorizeRequests()
+        .antMatchers("/anonymous*").anonymous()
+        .antMatchers("/login*").permitAll()
+        .anyRequest().authenticated()
+        .and()
+        .formLogin()
+        .loginPage("/login.html")
+        .loginProcessingUrl("/perform_login")
+        .defaultSuccessUrl("/homepage.html",true)
+        .failureUrl("/login.html?error=true")
+        .and()
+        .logout()
+        .logoutUrl("/perform_logout")
+        .deleteCookies("JSESSIONID")
+        .logoutSuccessHandler(logoutSuccessHandler());
+        // @formatter:on
+    }
+
+    @Bean
+    public LogoutSuccessHandler logoutSuccessHandler() {
+        return new CustomLogoutSuccessHandler();
+    }
+
 }
diff --git a/spring-security-mvc-login/src/main/webapp/WEB-INF/web.xml b/spring-security-mvc-login/src/main/webapp/WEB-INF/web.xml
index f13ae48c7e..0a0a340995 100644
--- a/spring-security-mvc-login/src/main/webapp/WEB-INF/web.xml
+++ b/spring-security-mvc-login/src/main/webapp/WEB-INF/web.xml
@@ -1,9 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-    xsi:schemaLocation="
-      http://java.sun.com/xml/ns/javaee
-      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"
->
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+         version="3.1">
 
     <display-name>Spring MVC Application</display-name>
 
diff --git a/spring-security-mvc-session/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java b/spring-security-mvc-session/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java
index 19f1ca76a6..19f49ea59d 100644
--- a/spring-security-mvc-session/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java
+++ b/spring-security-mvc-session/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java
@@ -21,7 +21,7 @@ public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSu
 
     private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
 
-    protected MySimpleUrlAuthenticationSuccessHandler() {
+    public MySimpleUrlAuthenticationSuccessHandler() {
         super();
     }
 
diff --git a/spring-security-mvc-session/src/main/java/org/baeldung/spring/SecSecurityConfig.java b/spring-security-mvc-session/src/main/java/org/baeldung/spring/SecSecurityConfig.java
index 4da114c78b..c62b795e01 100644
--- a/spring-security-mvc-session/src/main/java/org/baeldung/spring/SecSecurityConfig.java
+++ b/spring-security-mvc-session/src/main/java/org/baeldung/spring/SecSecurityConfig.java
@@ -1,14 +1,66 @@
 package org.baeldung.spring;
 
+import org.baeldung.security.MySimpleUrlAuthenticationSuccessHandler;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.ImportResource;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.session.HttpSessionEventPublisher;
 
 @Configuration
-@ImportResource({ "classpath:webSecurityConfig.xml" })
-public class SecSecurityConfig {
+// @ImportResource({ "classpath:webSecurityConfig.xml" })
+@EnableWebSecurity
+public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
 
     public SecSecurityConfig() {
         super();
     }
 
+    @Override
+    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+        // @formatter:off
+        auth.inMemoryAuthentication()
+        .withUser("user1").password("user1Pass").roles("USER")
+        .and()
+        .withUser("admin1").password("admin1Pass").roles("ADMIN");
+        // @formatter:on
+    }
+
+    @Override
+    protected void configure(final HttpSecurity http) throws Exception {
+        // @formatter:off
+        http
+        .csrf().disable()
+        .authorizeRequests()
+        .antMatchers("/anonymous*").anonymous()
+        .antMatchers("/login*").permitAll()
+        .anyRequest().authenticated()
+        .and()
+        .formLogin()
+        .loginPage("/login.html")
+        .loginProcessingUrl("/login")
+        .successHandler(successHandler())
+        .failureUrl("/login.html?error=true")
+        .and()
+        .logout().deleteCookies("JSESSIONID")
+        .and()
+        .rememberMe().key("uniqueAndSecret").tokenValiditySeconds(86400)
+        .and()
+        .sessionManagement().invalidSessionUrl("/invalidSession.html").maximumSessions(2).expiredUrl("/sessionExpired.html");
+
+        // @formatter:on
+    }
+
+    private AuthenticationSuccessHandler successHandler() {
+        return new MySimpleUrlAuthenticationSuccessHandler();
+    }
+
+    @Bean
+    public HttpSessionEventPublisher httpSessionEventPublisher() {
+        return new HttpSessionEventPublisher();
+    }
+
 }
diff --git a/spring-security-mvc-session/src/main/webapp/WEB-INF/web.xml b/spring-security-mvc-session/src/main/webapp/WEB-INF/web.xml
index 45b49b2a91..57826fadac 100644
--- a/spring-security-mvc-session/src/main/webapp/WEB-INF/web.xml
+++ b/spring-security-mvc-session/src/main/webapp/WEB-INF/web.xml
@@ -1,9 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-    xsi:schemaLocation="
-      http://java.sun.com/xml/ns/javaee
-      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"
->
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+         version="3.1">
 
     <display-name>Spring MVC Session Application</display-name>
 
@@ -13,9 +12,9 @@
     <listener>
         <listener-class>org.baeldung.web.SessionListenerWithMetrics</listener-class>
     </listener>
-    <listener>
+   <!--  <listener>
         <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
-    </listener>
+    </listener> -->
 
     <!-- Spring root -->
     <context-param>
diff --git a/spring-security-rest-custom/src/main/java/org/baeldung/config/parent/SecurityConfig.java b/spring-security-rest-custom/src/main/java/org/baeldung/config/parent/SecurityConfig.java
index ee9b0868e7..67d9abbae5 100644
--- a/spring-security-rest-custom/src/main/java/org/baeldung/config/parent/SecurityConfig.java
+++ b/spring-security-rest-custom/src/main/java/org/baeldung/config/parent/SecurityConfig.java
@@ -1,16 +1,41 @@
 package org.baeldung.config.parent;
 
+import org.baeldung.security.CustomAuthenticationProvider;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.ImportResource;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 @Configuration
-@ImportResource({ "classpath:webSecurityConfig.xml" })
+// @ImportResource({ "classpath:webSecurityConfig.xml" })
+@EnableWebSecurity
 @ComponentScan("org.baeldung.security")
-public class SecurityConfig {
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    private CustomAuthenticationProvider authProvider;
 
     public SecurityConfig() {
         super();
     }
 
+    @Override
+    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+        auth.authenticationProvider(authProvider);
+    }
+
+    @Override
+    protected void configure(final HttpSecurity http) throws Exception {
+        // @formatter:off
+        http
+        .authorizeRequests().anyRequest().authenticated()
+        .and()
+        .httpBasic();
+        // @formatter:on
+    }
+
+
 }