authorrealtradam <[email protected]>2024-07-13 01:25:09 -0400
committerrealtradam <[email protected]>2024-07-13 01:25:09 -0400
commitff63bacc647a20c59ce642a4d6b647c3a4290418 (patch)
treeb98142b05a573915359a1eee62b6a45825e27d4e /src/main/java/com/blog/web/security/SecurityConfig.java
parent3ea4cd2f9b3808ef645092816d888de406580e6d (diff)
set up proper login
Diffstat (limited to 'src/main/java/com/blog/web/security/SecurityConfig.java')
-rw-r--r--src/main/java/com/blog/web/security/SecurityConfig.java38
1 files changed, 38 insertions, 0 deletions
diff --git a/src/main/java/com/blog/web/security/SecurityConfig.java b/src/main/java/com/blog/web/security/SecurityConfig.java
new file mode 100644
index 0000000..1471d0f
--- /dev/null
+++ b/src/main/java/com/blog/web/security/SecurityConfig.java
@@ -0,0 +1,38 @@
+package com.blog.web.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+@Configuration
+@EnableWebSecurity
+@EnableMethodSecurity(securedEnabled = true)
+public class SecurityConfig {
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ // disabling csrf leaves us vulnerable, in a real production app do not do this
+ http.csrf(c -> c.disable())
+ .cors(c -> c.disable())
+ .authorizeHttpRequests( auths -> auths
+ .requestMatchers("/login", "/register", "/articles", "/css/**", "/js/**")
+ .permitAll()
+ )
+ .formLogin(form -> form
+ .loginPage("/login")
+ .usernameParameter("username")
+ .passwordParameter("password")
+ .defaultSuccessUrl("/articles")
+ .loginProcessingUrl("/login")
+ .failureUrl("/login?error=true")
+ .permitAll()
+ ).logout(
+ logout -> logout
+ .logoutUrl("/logout")
+ .logoutSuccessUrl("/articles"));
+ return http.build();
+ }
+}
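Review bot: The `authorizeHttpRequests` block lists only `permitAll()` paths and has no closing `anyRequest()` rule, so access to every other URL is left to the framework default and to whatever `@Secured` annotations exist outside this file. That default for unmatched requests has differed between Spring Security releases, and the version in use is not visible here. Adding `.anyRequest().authenticated()` after the `.permitAll()` on the matcher list makes the deny-by-default intent explicit. Also note that `"/articles"` matches only that exact path, so confirm that sub-paths are meant to require a login. With `http.csrf(c -> c.disable())` in place alongside session-based form login, `/logout` and any state-changing POST accept cross-site requests, so that line should go before this is used beyond a demo, as the existing comment already hints. The `AntPathRequestMatcher` import is unused.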