개발환경/Spring
Spring Security Java Config Example
idkbj
2015. 1. 8. 13:08
Restful 한 API 서버에 Spring Security 3.2.5 Java Config Example.
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Autowired
private SecurityProperties security;
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring().antMatchers(
"/",
"/index.html",
"/app.js",
"/resources/**",
"/user/notLogin*",
"/user/loginFail*",
"/user/accessDenied*",
"/user/onAfterLogout*"
);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.anonymous().disable()
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.exceptionHandling().accessDeniedPage("/user/accessDenied")
.and()
.formLogin()
.loginPage("/user/notLogin")
.loginProcessingUrl("/user/login")
.defaultSuccessUrl("/user/onAfterLogin", true)
.failureUrl("/user/loginFail")
.and()
.logout()
.logoutUrl("/user/logout")
.logoutSuccessUrl("/user/onAfterLogout")
.and()
.csrf().disable();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("username").password("password").roles("ADMIN");
}
}