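/**
 * Spring Boot entry point that also serves a few MVC endpoints and hosts the
 * application's web-security configuration.
 *
 * <p>Despite its name and the {@link WebMvcConfigurer} interface, this class
 * overrides no CORS-related method; it only declares request handlers and the
 * nested {@link ApplicationSecurity} configuration.
 *
 * <p>NOTE(review): {@code @RestController} applies {@code @ResponseBody} to every
 * handler, so the {@code "forward:/"} and {@code "redirect:..."} strings returned
 * below are presumably written to the response body instead of being resolved as
 * views. {@code @Controller} looks like what was intended (only {@link #user}
 * carries an explicit {@code @ResponseBody}) - confirm before changing.
 */
@SpringBootApplication
@RestController
@EnableWebSecurity
public class CorsConfig implements WebMvcConfigurer {

    // Shared, never reassigned: declared final.
    private static final Logger logger = LogManager.getLogger(CorsConfig.class);

    /**
     * Catches single-segment paths that contain no dot (so not a static
     * resource) and forwards them to the home page so the client-side route is
     * preserved.
     *
     * @return the {@code forward:/} instruction
     */
    @RequestMapping(value = "/{path:[^\\.]*}")
    public String redirect() {
        return "forward:/";
    }

    /**
     * Returns the principal Spring resolved for the current request.
     *
     * <p>"/login" is listed under {@code permitAll()} in
     * {@link ApplicationSecurity}, so this handler is reachable without
     * authentication; the principal is presumably {@code null} in that case.
     *
     * @param request the current request (unused)
     * @param user the resolved principal
     * @return {@code user}, unchanged
     */
    @RequestMapping("/login")
    @ResponseBody
    public Principal user(HttpServletRequest request, Principal user) {
        return user;
    }

    /**
     * Logs out the current user, if any, and redirects to the login page.
     *
     * <p>NOTE(review): the mapping declares no HTTP method, so a plain GET ends
     * the session, and CSRF protection is disabled in
     * {@link ApplicationSecurity}; a third-party page can therefore trigger a
     * logout. Restricting this to POST with a CSRF token would close that gap.
     * The security configuration also registers {@code .logout()}, whose filter
     * may handle "/logout" before this handler is reached - confirm.
     *
     * @param request the current request
     * @param response the current response
     * @return a redirect to {@code /login?logout=true}
     */
    @RequestMapping(value = "/logout")
    public String logoutPage(HttpServletRequest request, HttpServletResponse response) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null) {
            // The principal name presumably originates from user-supplied login
            // input; CR/LF are neutralised so it cannot start a forged log entry.
            String safeName = String.valueOf(auth.getName()).replaceAll("[\\r\\n]", "_");
            logger.info("utilisateur déconnecté :" + safeName);
            new SecurityContextLogoutHandler().logout(request, response, auth);
        }
        return "redirect:/login?logout=true";
    }

    /**
     * Starts the Spring Boot application.
     *
     * @param args command-line arguments passed to Spring
     */
    public static void main(String[] args) {
        new SpringApplicationBuilder(CorsConfig.class).run(args);
    }

    /**
     * HTTP security rules and authentication wiring for the application.
     */
    @Configuration
    @Order(SecurityProperties.BASIC_AUTH_ORDER)
    protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {

        @Autowired
        private AppAuthenticationProvider appAuthenticationProvider;

        /**
         * Replaces the injected authentication provider.
         *
         * @param appAuthenticationProvider the provider to use
         */
        public void setAppAuthenticationProvider(AppAuthenticationProvider appAuthenticationProvider) {
            this.appAuthenticationProvider = appAuthenticationProvider;
        }

        /**
         * Declares which URLs are public, which need a role, and how login and
         * logout behave.
         *
         * @param http the security builder to configure
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    // NOTE(review): everything under /mon-backend/** is reachable
                    // without authentication - confirm that no protected API
                    // lives below that prefix.
                    .antMatchers("/mon-backend/**", "/lib/**", "/index.jsp", "/","/login")
                        .permitAll()
                    // Every other URL requires one of the two roles.
                    .antMatchers("/**")
                        .hasAnyRole("ADMIN", "USER")
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .failureUrl("/login?error=true")
                    .permitAll()
                    .and()
                .logout()
                    .logoutSuccessUrl("/login?logout=true")
                    .invalidateHttpSession(true)
                    .permitAll()
                    .and()
                // NOTE(review): CSRF protection is switched off for the whole
                // application while form login is in use, so state-changing
                // requests sent by an authenticated browser carry no anti-forgery
                // token. Keep it enabled unless the clients genuinely cannot
                // send the token.
                .csrf()
                    .disable();
        }

        /**
         * Registers the application's authentication provider.
         *
         * @param auth the authentication-manager builder
         * @throws Exception if registration fails
         */
        @Override
        // NOTE(review): @Order on this method has no visible effect here;
        // the class-level @Order is the one that ranks the configuration - confirm.
        @Order(1)
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(appAuthenticationProvider);
        }
    }
}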