1.1.9 Security - WebSecurityConfig.java
Info
The WebSecurityConfig class is the central place for specifying security-related settings.
Here is a short overview of the different things that can be configured in it.
WebSecurityConfig.java
package com.ivoronline.springboot_security_loginform_custom.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
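/**
 * Central Spring Security configuration for the application.
 *
 * <p>This listing is an overview of the available settings: endpoint access rules, the default
 * and the custom login form, the remember-me cookie, and CSRF handling. Several of the values
 * shown (plain-text password encoder, literal remember-me key, disabled CSRF) are demo settings
 * and are flagged inline.
 */
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) // Enables @Secured & @PreAuthorize
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  // Supplied through the constructor generated by @RequiredArgsConstructor;
  // handed to the remember-me configuration below.
  private final UserDetailsService userDetailsService;

  /**
   * Exposes the password encoder used when credentials are checked.
   *
   * @return the shared {@link NoOpPasswordEncoder} instance
   */
  @Bean
  PasswordEncoder passwordEncoder() {
    // SECURITY: NoOpPasswordEncoder compares and stores passwords in plain text and is
    // deprecated in Spring Security for that reason. Keep it for demos only; for real
    // credentials return an adaptive encoder such as BCryptPasswordEncoder (stored
    // passwords must then be re-encoded, which is why it is not swapped here).
    return NoOpPasswordEncoder.getInstance();
  }

  //====================================================================
  // CONFIGURE
  //====================================================================
  /**
   * Declares endpoint access rules, the login form, remember-me and CSRF handling.
   *
   * @param httpSecurity builder for the web security filter chain
   * @throws Exception if the configuration cannot be applied
   */
  @Override
  protected void configure(HttpSecurity httpSecurity) throws Exception {

    // SPECIFY ACCESS TO ENDPOINTS
    // Rules are evaluated in declaration order, so specific matchers come before anyRequest().
    httpSecurity.authorizeRequests().antMatchers("/Authenticate").permitAll(); // Anonymous Access (no Login)
    httpSecurity.authorizeRequests().antMatchers("/Hello").hasRole("USER");    // Authenticated Access
    httpSecurity.authorizeRequests().anyRequest().authenticated();             // Authenticated Access

    // DEFAULT LOGIN FORM
    httpSecurity.formLogin();

    // CUSTOM LOGIN FORM
    // permitAll() opens the login page and its processing URL to unauthenticated users.
    // Without it "/MyLogin" falls under anyRequest().authenticated() above, so the redirect
    // to the login page would itself demand a login.
    httpSecurity.formLogin()
        .loginPage("/MyLogin")
        .loginProcessingUrl("/login")
        .permitAll();

    // ENABLE REMEMBER ME COOKIE
    // SECURITY: the key is used to validate remember-me tokens issued by this application.
    // A short literal committed to source control is a placeholder only; load a long random
    // value from external configuration or a secret store.
    httpSecurity.rememberMe().key("something").userDetailsService(userDetailsService);

    // DISABLE CSRF
    // SECURITY: this application authenticates browsers with session and remember-me cookies,
    // which is the case CSRF protection exists for. Leave CSRF enabled unless every
    // state-changing endpoint is a stateless API that does not rely on cookies.
    httpSecurity.csrf().disable();
  }
}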
MyController.java
@Secured ({"ROLE_ADMIN", "ROLE_USER"})
@PreAuthorize("hasAnyRole('ADMIN', 'USER')")