package com.roshka.configuration; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Bean public UserDetailsService userDetailsService() { return new CustomUserDetailsService(); } @Bean public BCryptPasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Bean public DaoAuthenticationProvider authenticationProvider() { DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider(); authProvider.setUserDetailsService(userDetailsService()); authProvider.setPasswordEncoder(passwordEncoder()); return authProvider; } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(authenticationProvider()); } @Override protected void configure(HttpSecurity http) throws Exception { http // .csrf().disable() .authorizeRequests() .mvcMatchers("/").authenticated() .mvcMatchers("/home").authenticated() .mvcMatchers("/cargos","/cargos/**").authenticated() .mvcMatchers("/convocatorias","/convocatorias/**").authenticated() .mvcMatchers("/tecnologias","/tecnologias/**").authenticated() .mvcMatchers("/cumples","/cumples/**").authenticated() .mvcMatchers("/beneficios","/beneficios/**").authenticated() .mvcMatchers("/postulantes","/postulantes/**").authenticated() .mvcMatchers("/edit-user-data").authenticated() .anyRequest().permitAll() .and() .formLogin() .loginPage("/login") .usernameParameter("email") .defaultSuccessUrl("/home") .permitAll() .and() .logout() .logoutUrl("/logout") .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET")) .clearAuthentication(true) .invalidateHttpSession(true) .deleteCookies("JSESSIONID", "remember-me") .logoutSuccessUrl("/login"); } }