I try to do the Java annotation based Spring security configuration. I do this after following a tutorial and have the code as provided,
@Configuration
@EnableWebSecurity
// need to change this to the security directory
@ComponentScan("")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Autowired
private MySavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication()
.withUser("temporary").password("temporary").roles("ADMIN")
.and()
.withUser("user").password("userPass").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers("/api/foos").authenticated()
.and()
.formLogin()
.successHandler(authenticationSuccessHandler)
.failureHandler(new SimpleUrlAuthenticationFailureHandler())
.and()
.logout();
}
@Bean
public MySavedRequestAwareAuthenticationSuccessHandler mySuccessHandler() {
return new MySavedRequestAwareAuthenticationSuccessHandler();
}
@Bean
public SimpleUrlAuthenticationFailureHandler myFailureHandler() {
return new SimpleUrlAuthenticationFailureHandler();
}
}
The API base for the project I work,
public static final String API_BASE = "/*";
For example, I do the cURL request like,
curl -X GET http://localhost:8080/rest/wallet/wallets | json
I'm not sure about the .antMatchers("/api/foos").authenticated() line in the code. For example, from where the foos is coming and do I need to change it to something like .antMatchers("/foos").authenticated()?
If you are new to programming, its a valid question. But get used to it. All the examples would usually have 'foo' and 'bar' as sample variables, method names etc.
Anyways, the .antMatchers("/api/foos").authenticated() specifies that the pattern URL that matches /api/foo need to be authenticated and then the following handlers should be used.
Change the pattern to your matching one - .antMatchers("/rest/wallet/**") and test your code.
For more reference - read this post : When to use Spring Security`s antMatcher()?
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments