-rw-r--r--src/main/java/com/blog/web/security/SecurityConfig.java38
-rw-r--r--src/main/resources/application.properties3
2 files changed, 40 insertions, 1 deletions
diff --git a/src/main/java/com/blog/web/security/SecurityConfig.java b/src/main/java/com/blog/web/security/SecurityConfig.java
new file mode 100644
index 0000000..1471d0f
--- /dev/null
+++ b/src/main/java/com/blog/web/security/SecurityConfig.java
@@ -0,0 +1,38 @@
+package com.blog.web.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+@Configuration
+@EnableWebSecurity
+@EnableMethodSecurity(securedEnabled = true)
+public class SecurityConfig {
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ // disabling csrf leaves us vulnerable, in a real production app do not do this
+ http.csrf(c -> c.disable())
+ .cors(c -> c.disable())
+ .authorizeHttpRequests( auths -> auths
+ .requestMatchers("/login", "/register", "/articles", "/css/**", "/js/**")
+ .permitAll()
+ )
+ .formLogin(form -> form
+ .loginPage("/login")
+ .usernameParameter("username")
+ .passwordParameter("password")
+ .defaultSuccessUrl("/articles")
+ .loginProcessingUrl("/login")
+ .failureUrl("/login?error=true")
+ .permitAll()
+ ).logout(
+ logout -> logout
+ .logoutUrl("/logout")
+ .logoutSuccessUrl("/articles"));
+ return http.build();
+ }
+}
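Review bot: The `authorizeHttpRequests` lambda stops after `.permitAll()` and has no catch-all rule, so access to every path outside the five listed patterns depends on the framework's behaviour for unmatched requests (which, as far as I know, is to deny them even for logged-in users). Add `.anyRequest().authenticated()` after the `.permitAll()` line so the policy is stated explicitly in the config. Separately, `http.csrf(c -> c.disable())` is combined with session-based form login, so the `/login` and `/logout` endpoints, and presumably any state-changing article or registration POST, accept cross-site requests. The comment acknowledges this, but form login works with the default CSRF protection, so dropping that line is the safer starting point. The `AntPathRequestMatcher` import is not used anywhere in the new file and can be removed.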
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 8cc70a2..102e2c2 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -6,4 +6,5 @@ spring.datasource.driver-class-name=org.postgresql.Driver
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
-sprint.security.user.password=test
+spring.security.user.name=zxcv
+spring.security.user.password=zxcv
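Review bot: The two added lines commit a fixed login to the repository, with the password identical to the username (`zxcv`/`zxcv`). Because the old line was misspelled `sprint.`, it was presumably ignored, so this commit is the first one where a known static password actually takes effect. Read the value from the environment instead, for example `spring.security.user.password=${BLOG_USER_PASSWORD}` (the variable name here is a placeholder), and keep real values out of version control. If the application later defines its own `UserDetailsService`, these properties should be deleted rather than left behind as a dormant default account.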