WebSecurityConfig.java example

Explorer

spring4ws-demos-master
- src
  - main
    - java
      - ch
        rasc
        s4ws
        ServletInitializer.java
        Spring4WebSocketExamplesApplication.java
        bandwidth
        NetworkInfoProducer.java
        brainshop
        Board.java
        BrainConfig.java
        BrainHandler.java
        BrainMessage.java
        BrainService.java
        Group.java
        Idea.java
        drawboard
        DrawMessage.java
        DrawboardConfig.java
        DrawboardWebSocketHandler.java
        MessageType.java
        Room.java
        map
        CarDriver.java
        LatLng.java
        Route.java
        portfolio
        Portfolio.java
        PortfolioPosition.java
        config
        WebSecurityConfig.java
        service
        PortfolioService.java
        PortfolioServiceImpl.java
        Quote.java
        QuoteService.java
        Trade.java
        TradeService.java
        TradeServiceImpl.java
        web
        PortfolioController.java
        smoothie
        CpuData.java
        CpuDataHandler.java
        CpuDataService.java
        SmoothieConfig.java
        snake
        Direction.java
        Location.java
        Snake.java
        SnakeConfig.java
        SnakeTimer.java
        SnakeUtils.java
        SnakeWebSocketHandler.java
        tail
        Access.java
        TailService.java
        tennis
        MatchService.java
        Player.java
        TennisMatch.java
        twitter
        Tweet.java
        TwitterConfig.java
        TwitterHandler.java
        TwitterStatusListener.java

/*
 * Copyright 2002-2013 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package ch.rasc.s4ws.portfolio.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;

/**
 * Customizes Spring Security configuration.
 *
 * @author Rob Winch
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// @formatter:off
		http.csrf()
				.disable()
				// See https://jira.springsource.org/browse/SPR-11496
				.headers()
				.addHeaderWriter(
						new XFrameOptionsHeaderWriter(
								XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN))
				.and()

				.formLogin().defaultSuccessUrl("/portfolio/index.html")
				.loginPage("/portfolio/login.html")
				.failureUrl("/portfolio/login.html?error").permitAll().and().logout()
				.logoutSuccessUrl("/portfolio/login.html?logout")
				.logoutUrl("/portfolio/logout.html").permitAll().and()
				.authorizeRequests().antMatchers("/portfolio/login.css").permitAll()
				.antMatchers("/portfolio/**").authenticated().and();

		// @formatter:on
	}

	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		// @formatter:off
		auth.inMemoryAuthentication().withUser("fabrice").password("fab123")
				.roles("USER").and().withUser("paulson").password("bond")
				.roles("ADMIN", "USER");
		// @formatter:on
	}
}