Updated security config

src/main/java/org/ros/chatto/WebSecurityConfiguration.java

@@ -20,14 +20,17 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
+import lombok.RequiredArgsConstructor;
+
 @Configuration
 @EnableWebSecurity
+@RequiredArgsConstructor
 public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
 	@Autowired
-	private MyUserDetailsService myUserDetailsService;
+	private final MyUserDetailsService myUserDetailsService;
 	@Autowired
-	private PasswordEncoder passwordEncoder;
+	private final PasswordEncoder passwordEncoder;
 
 	@Override
 	@Bean
@@ -37,7 +40,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
 	@Bean
 	public AuthenticationProvider authenticationProvider() {
-		DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
+		final DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
 		provider.setUserDetailsService(myUserDetailsService);
 		provider.setPasswordEncoder(passwordEncoder);
 		return provider;
@@ -50,80 +53,76 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
 	@Configuration
 	@Order(1)
+	@RequiredArgsConstructor
 	public static class ApiWebSecurity extends WebSecurityConfigurerAdapter {
 		@Autowired
-		private RESTAuthenticationEntryPoint authenticationEntryPoint;
+		private final RESTAuthenticationEntryPoint authenticationEntryPoint;
 
 		@Autowired
-		private CustomBasicAuthenticationFilter customBasicAuthFilter;
+		private final CustomBasicAuthenticationFilter customBasicAuthFilter;
 
 		@Autowired
-		private TokenAuthenticationFilter tokenFilter;
+		private final TokenAuthenticationFilter tokenFilter;
 
 		@Override
-		protected void configure(HttpSecurity http) throws Exception {
+		protected void configure(final HttpSecurity http) throws Exception {
 			http.csrf().disable().exceptionHandling()
 
-					.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
+					.and().sessionManagement()
+					.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+					.and()
 					// .cors().and()
-					
 					.antMatcher("/api/**").authorizeRequests()
-					.antMatchers("/api/chat/**").hasAnyRole("USER", "ADMIN", "SUPER_USER")
+					.antMatchers("/api/chat/**")
+					.hasAnyRole("USER", "ADMIN", "SUPER_USER")
+					.antMatchers("/api/admin/**")
+					.hasAnyRole("ADMIN", "SUPER_USER")
 					.antMatchers("/api/demo/**").hasRole("SUPER_USER")
-//					.antMatchers("/perform-login").permitAll()
+					.anyRequest().authenticated().and().httpBasic()
-					
+					.authenticationEntryPoint(authenticationEntryPoint).and()
-					.anyRequest()
+					.addFilterBefore(tokenFilter,
-//					.hasAnyRole("USER", "ADMIN", "SUPER_USER")
+							BasicAuthenticationFilter.class)
-					.authenticated()
+					// Creating token when basic authentication is successful
-					.and().httpBasic().authenticationEntryPoint(authenticationEntryPoint)
+					// and the
-			;
+					// same token can
-			
-			http.addFilterBefore(tokenFilter, BasicAuthenticationFilter.class);
-
-			// Creating token when basic authentication is successful and the same token can
 					// be used to authenticate for further requests
-//			final CustomBasicAuthenticationFilter customBasicAuthFilter = new CustomBasicAuthenticationFilter(
+					.addFilter(customBasicAuthFilter);
-//					authenticationManagerBean());
-			http.addFilter(customBasicAuthFilter);
-
 		}
 
 	}
 
 	@Configuration
 	@Order(2)
+	@RequiredArgsConstructor
 	public static class FormWebSecurity extends WebSecurityConfigurerAdapter {
 		@Autowired
-		private UserSessionLoggingLoginSuccessHandler loginSuccessHandler;
+		private final UserSessionLoggingLoginSuccessHandler loginSuccessHandler;
 
 		@Autowired
-		private UserSessionLoggingLogoutSuccessHandler logoutSuccessHandler;
+		private final UserSessionLoggingLogoutSuccessHandler logoutSuccessHandler;
 
 		@Override
-		protected void configure(HttpSecurity httpSecurity) throws Exception {
+		protected void configure(final HttpSecurity httpSecurity)
-			httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
+				throws Exception {
+			httpSecurity.sessionManagement()
+					.sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
 
 					.authorizeRequests()
-//            		.antMatchers(HttpMethod.POST, "/api/**").permitAll()
+					.antMatchers("/", "perform_login", "/logout**",
-					.antMatchers("/", "perform_login", "/logout**", "/favicon.ico", "/login*", "/registration",
+							"/favicon.ico", "/login*", "/registration",
-							"/perform_registration", "/css/**", "/js/**", "/img/**")
+							"/perform_registration", "/css/**", "/js/**",
-					.permitAll()
+							"/img/**")
-//                    .antMatchers("/","/api**","/api/**","/login*","/registration","/perform_registration","/css/**", "/js/**", "/images/**").permitAll()
+					.permitAll().antMatchers("/user/**")
-					.antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER").antMatchers("/admin/**")
+					.hasAnyRole("USER", "ADMIN", "SUPER_USER")
-					.hasAnyRole("ADMIN", "SUPER_USER")
+					.antMatchers("/admin/**").hasAnyRole("ADMIN", "SUPER_USER")
-//					.and()
-//					.antMatcher("/api/**")
-//					.authorizeRequests()
 					.anyRequest().authenticated()
 
 					.and()
 
-					.formLogin().loginPage("/login").permitAll().loginProcessingUrl("/perform_login")
+					.formLogin().loginPage("/login").permitAll()
+					.loginProcessingUrl("/perform_login")
 					.successHandler(loginSuccessHandler).and().logout()
-					.logoutSuccessHandler(logoutSuccessHandler)
+					.logoutSuccessHandler(logoutSuccessHandler);
-			;
+		}
-		}
-//	    }
-
 	}
 }