package com.juick.www.configuration; import com.juick.service.UserService; import com.juick.www.entity.JuickUser; import org.apache.commons.lang3.StringUtils; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.PropertySource; import org.springframework.core.env.Environment; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import javax.annotation.Resource; /** * Created by aalexeev on 11/21/16. */ @EnableWebSecurity @PropertySource("classpath:juick.conf") public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Resource private Environment env; @Resource private UserService userService; protected WebSecurityConfig() { super(true); } @Bean("userDetailsService") @Override public UserDetailsService userDetailsServiceBean() throws Exception { return username -> { if (StringUtils.isBlank(username)) throw new UsernameNotFoundException("Invalid user name " + username); com.juick.User user = userService.getUserByName(username); if (user != null) return new JuickUser(user); throw new UsernameNotFoundException("The username " + username + " is not found"); }; } @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/settings", "/pm/**").authenticated() .anyRequest().authenticated() .and() .anonymous() .authorities("ROLE_ANONYM") .and() .logout() .invalidateHttpSession(true) .logoutUrl("/logout") .logoutSuccessUrl("/") .and() .formLogin() .loginPage("/login") .permitAll() .defaultSuccessUrl("/") .failureForwardUrl("/login") .and() .rememberMe() .tokenValiditySeconds(6 * 30 * 24 * 3600) .alwaysRemember(true) .useSecureCookie(true) .rememberMeCookieName(env.getProperty("auth_cookie_name", "hash")) .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com")) .and() .csrf().disable(); } }