SecurityConfiguration.java

package org.hoteia.qalingo.core.security.bo.configuration;

import org.hoteia.qalingo.core.security.fo.component.AccessDeniedHandler;
import org.hoteia.qalingo.core.security.fo.component.LoginUrlAuthenticationEntryPoint;
import org.hoteia.qalingo.core.security.fo.component.LogoutSuccessHandler;
import org.hoteia.qalingo.core.security.fo.component.SimpleUrlAuthenticationFailureHandler;
import org.hoteia.qalingo.core.security.fo.component.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    protected AccessDeniedHandler accessDeniedHandler;
    
    @Autowired
    protected LogoutSuccessHandler logoutSuccessHandler;
    
    @Autowired
    protected SimpleUrlAuthenticationSuccessHandler simpleUrlAuthenticationSuccessHandler;
    
    @Autowired
    protected SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler;
    
    @Autowired
    protected LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint;
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
  
      http.exceptionHandling().authenticationEntryPoint(loginUrlAuthenticationEntryPoint)
      .and()
      .authorizeRequests()
        .antMatchers("/", 
                "/login.html**").permitAll()

        .antMatchers("/*").access("hasRole('ROLE_BO_TECHNICAL_ADMIN') or hasRole('ROLE_BO_TECHNICAL_USER')" +
        		"or hasRole('ROLE_BO_BUSINESS_ADMIN') or hasRole('ROLE_BO_BUSINESS_USER')")

        .and()
        .formLogin().loginProcessingUrl("/j_spring_security_check")
        .failureHandler(simpleUrlAuthenticationFailureHandler).successHandler(simpleUrlAuthenticationSuccessHandler)
        .and()
        .logout().logoutSuccessHandler(logoutSuccessHandler).invalidateHttpSession(false).logoutUrl("/logout-session.html")
        .and()
        .rememberMe()
        .and()
        .exceptionHandling().accessDeniedHandler(accessDeniedHandler)
        .and()
        .csrf().disable()
        .sessionManagement().sessionFixation().none()
        ;
    }
    
}