/**
 * Supplies the default {@link LemonWebSecurityConfig} bean.
 *
 * <p>Because of {@code @ConditionalOnMissingBean}, this factory method is
 * skipped as soon as the application context already holds a bean of type
 * {@code LemonWebSecurityConfig}. An application-defined bean therefore
 * replaces this security configuration entirely rather than adding to it.
 * NOTE(review): such a replacement presumably should extend
 * {@code LemonJpaSecurityConfig} so the library's defaults are kept; confirm
 * against the library documentation.
 *
 * @return a new {@code LemonJpaSecurityConfig} instance
 */
@Bean
@ConditionalOnMissingBean(LemonWebSecurityConfig.class)
public LemonWebSecurityConfig lemonSecurityConfig() {

    // Logged at startup, so the log shows which security configuration was chosen.
    log.info("Configuring LemonJpaSecurityConfig");

    final LemonWebSecurityConfig defaultSecurityConfig = new LemonJpaSecurityConfig();
    return defaultSecurityConfig;
}
/**
 * Assembles the HTTP security configuration by delegating to protected hook
 * methods, each of which a subclass can override.
 *
 * <p>The parent configuration is applied first. The login, exception-handling
 * and OAuth2-client hooks then run in that fixed order against the same
 * {@code HttpSecurity} builder.
 *
 * @param http the security builder being configured
 * @throws Exception if the parent configuration or any hook fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

    // Apply the inherited configuration before the additions of this class.
    super.configure(http);

    this.login(http);             // authentication
    this.exceptionHandling(http); // exception handling
    this.oauth2Client(http);      // NOTE(review): presumably OAuth2 client login; body not shown here
}
/**
 * Restricts everything under {@code /admin/**} to users holding the
 * {@code GOOD_ADMIN} role, then applies the parent's authorization rules.
 *
 * <p>Order matters: Spring Security evaluates authorization rules in the
 * order they are registered and uses the first one that matches. The
 * {@code /admin/**} rule is therefore registered <em>before</em> delegating
 * to {@code super}, so that a broader rule added by the parent cannot match
 * first. NOTE(review): the parent's rules are not visible here; confirm
 * that it ends with a catch-all.
 *
 * @param http the security builder being configured
 * @throws Exception if registering the rules fails
 */
@Override
protected void authorizeRequests(HttpSecurity http) throws Exception {

    // mvcMatchers applies Spring MVC's own path-matching rules, so the
    // restriction covers the same URL variants that MVC would route to
    // the /admin handlers.
    // hasRole("GOOD_ADMIN") checks for the authority "ROLE_GOOD_ADMIN",
    // because the "ROLE_" prefix is added by default.
    http.authorizeRequests()
        .mvcMatchers("/admin/**").hasRole("GOOD_ADMIN");

    // Parent rules go last so that they cannot shadow the rule above.
    super.authorizeRequests(http);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Configures form-based login so that it answers with HTTP status codes
 * instead of redirects.
 *
 * <p>Both outcomes are handled by handlers rather than by URLs:
 * <ul>
 *   <li>Success is handled by {@code authenticationSuccessHandler}. Per the
 *       original author's note, it sends 200 with the user DTO and an
 *       Authorization token instead of redirecting to a success URL.</li>
 *   <li>Failure is handled by a {@code SimpleUrlAuthenticationFailureHandler}
 *       with no failure URL set, which responds with 401 instead of
 *       redirecting.</li>
 * </ul>
 *
 * @param http the security builder being configured
 * @throws Exception if the form-login configurer cannot be applied
 */
protected void login(HttpSecurity http) throws Exception {

    // No default failure URL is set on purpose: without one, the handler
    // sends a 401 response rather than redirecting.
    SimpleUrlAuthenticationFailureHandler unauthorizedOnFailure =
            new SimpleUrlAuthenticationFailureHandler();

    http
        .formLogin()                                   // form login
            .loginPage(loginPage())
            // Respond with 200 and a body instead of redirecting to a
            // successUrl; the injected handler builds the response.
            .successHandler(authenticationSuccessHandler)
            // Respond with 401 instead of redirecting to a failureUrl.
            .failureHandler(unauthorizedOnFailure);
}