src/main/java/com/csharp/bikerental/config/SecurityConfig.java
package com.csharp.bikerental.config;
import com.csharp.bikerental.service.UserService.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserServiceImpl userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
//.antMatchers("/bike").hasRole("ADMIN")
.antMatchers("/Subscriptions").hasRole("USER")
.antMatchers("/api/**").permitAll()
.anyRequest().authenticated()
.and()
.authenticationProvider(authenticationProvider())
.formLogin()
.loginPage("/login")
.permitAll()
//.loginProcessingUrl("/perform_login")
//.defaultSuccessUrl("/homepage.html", true)
.and()
.logout().permitAll().logoutSuccessUrl("/login")
;
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
authProvider.setUserDetailsService(userDetailsService);
authProvider.setPasswordEncoder(encoder());
return authProvider;
}
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder(11);
}
}