package com.takipArac.wsTakipArac.core.utilities.configuration;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;

/**
 * Spring Security setup for the web service: HTTP Basic authentication without server-side
 * sessions, with users loaded through {@link UserAuthService} and passwords checked with BCrypt.
 *
 * <p>NOTE(review): the only active authorization rule is {@code anyRequest().permitAll()}, so no
 * endpoint currently requires a login or a role. The role-based matchers are kept below as
 * disabled reference only. Confirm whether this open policy is meant to ship.
 */
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Supplies the user records that credentials are checked against.
    @Autowired
    UserAuthService userAuthService;

    /**
     * Builds the HTTP security chain: CSRF off, HTTP Basic with a custom 401 response,
     * every request permitted, and no session creation.
     *
     * @param http the builder provided by Spring Security
     * @throws Exception if any configurer rejects the settings
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF protection is switched off.
            // NOTE(review): usual for a stateless API whose clients send the Authorization
            // header explicitly; confirm no browser client relies on ambient credentials.
            .csrf().disable()
            // HTTP Basic, with authentication failures answered by UnauthorizedEntryPoint.
            .httpBasic().authenticationEntryPoint(new UnauthorizedEntryPoint())
            .and()
            // Disabled rule set, kept for reference (none of it is in effect):
            //   .antMatchers("/api/1.0/auth").hasAnyAuthority("Role_admin", "Role_companyUser", "Role_driver")
            //   .antMatchers("/api/1.0/admin/**").hasAuthority("Role_admin")
            //   .antMatchers("/api/1.0/companyUser/**").hasAuthority("Role_companyUser")
            //   .antMatchers("/api/1.0/driver/**").hasAuthority("Role_driver")
            //   .antMatchers("/api/1.0/adminCompany/**").hasAnyAuthority("Role_admin", "Role_companyUser")
            //   .antMatchers("/api/1.0/adminDriver/**").hasAnyAuthority("Role_admin", "Role_driver")
            //   .antMatchers("/api/1.0/companyDriver/**").hasAnyAuthority("Role_admin", "Role_driver")
            //   .antMatchers("/api/1.0/all/**").hasAnyAuthority("Role_admin", "Role_companyUser","Role_driver")
            //   .anyRequest().authenticated()
            //   .and().formLogin().permitAll()
            //   .and().logout().permitAll()
            //   .and().exceptionHandling().accessDeniedPage("/403");
            // NOTE(review): before re-enabling, verify the companyDriver rule (it names
            // Role_admin and Role_driver, not Role_companyUser) and whether formLogin and the
            // /403 page fit a stateless Basic-auth API.
            //
            // Active rule: every request is allowed, authenticated or not.
            .authorizeRequests().anyRequest().permitAll()
            .and()
            // No HttpSession is created or used for the security context, so each request
            // has to carry its own credentials.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    /**
     * Registers {@link UserAuthService} as the user lookup and BCrypt as the password encoder.
     *
     * @param auth the authentication manager builder provided by Spring Security
     * @throws Exception if the user details service cannot be registered
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        auth.userDetailsService(userAuthService).passwordEncoder(encoder);
    }

    /**
     * Answers a failed or missing authentication with a plain 401 error.
     *
     * <p>It only calls {@code sendError}; it adds no {@code WWW-Authenticate} header itself.
     * NOTE(review): presumably this keeps browsers from opening their native login prompt;
     * confirm against the client.
     */
    private static final class UnauthorizedEntryPoint implements AuthenticationEntryPoint {

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException authException) throws IOException, ServletException {
            HttpStatus unauthorized = HttpStatus.UNAUTHORIZED;
            response.sendError(unauthorized.value(), unauthorized.getReasonPhrase());
        }
    }
}