|
|
@ -90,23 +90,23 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Configuration |
|
|
|
@Order(2) |
|
|
|
public static class FormWebSecurity extends WebSecurityConfigurerAdapter { |
|
|
|
@Autowired |
|
|
|
private MySimpleUrlAuthenticationSuccessHandler mySimpleUrlAuthenticationSuccessHandler; |
|
|
|
|
|
|
|
|
|
|
|
@Autowired |
|
|
|
private MyLogoutSuccessHandler myLogoutSuccessHandler; |
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
protected void configure(HttpSecurity httpSecurity) throws Exception { |
|
|
|
httpSecurity.authorizeRequests() |
|
|
|
httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and() |
|
|
|
|
|
|
|
.authorizeRequests() |
|
|
|
// .antMatchers(HttpMethod.POST, "/api/**").permitAll() |
|
|
|
.antMatchers("/", "perform_login","/logout**" ,"/favicon.ico","/login*", "/registration", "/perform_registration", "/css/**", |
|
|
|
"/js/**", "/img/**") |
|
|
|
.antMatchers("/", "perform_login", "/logout**", "/favicon.ico", "/login*", "/registration", |
|
|
|
"/perform_registration", "/css/**", "/js/**", "/img/**") |
|
|
|
.permitAll() |
|
|
|
// .antMatchers("/","/api**","/api/**","/login*","/registration","/perform_registration","/css/**", "/js/**", "/images/**").permitAll() |
|
|
|
.antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER").antMatchers("/admin/**") |
|
|
@ -119,9 +119,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { |
|
|
|
.and() |
|
|
|
|
|
|
|
.formLogin().loginPage("/login").permitAll().loginProcessingUrl("/perform_login") |
|
|
|
.successHandler(mySimpleUrlAuthenticationSuccessHandler) |
|
|
|
.and() |
|
|
|
.logout().logoutSuccessHandler(myLogoutSuccessHandler) |
|
|
|
.successHandler(mySimpleUrlAuthenticationSuccessHandler).and().logout() |
|
|
|
.logoutSuccessHandler(myLogoutSuccessHandler) |
|
|
|
// .failureUrl("/?login_error") |
|
|
|
// .and() |
|
|
|
// .logout().invalidateHttpSession(true) |
|
|
@ -130,7 +129,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { |
|
|
|
// .logoutSuccessUrl("/").permitAll() |
|
|
|
// .and().httpBasic(); |
|
|
|
// .and().cors() |
|
|
|
.and().csrf().disable(); |
|
|
|
// .and().csrf().disable(); |
|
|
|
; |
|
|
|
// httpSecurity |
|
|
|
// .csrf().disable() |
|
|
@ -152,7 +151,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { |
|
|
|
// } |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// @Override |
|
|
|
// protected void configure(AuthenticationManagerBuilder auth) throws Exception { |
|
|
|
// auth.eraseCredentials(false); |
|
|
|