
Spring security: Fix access to H2 console; update config

Signed-off-by: Pekka Helenius <fincer89@hotmail.com>
v0.0.3-alpha
Pekka Helenius 4 years ago
parent
commit
21526b1a55
2 changed files with 14 additions and 11 deletions
  1. +13
    -11
      bookstore/src/main/java/com/fjordtek/bookstore/config/WebSecurityConfig.java
  2. +1
    -0
      bookstore/src/main/resources/templates/fragments/devusers.html

+ 13
- 11
bookstore/src/main/java/com/fjordtek/bookstore/config/WebSecurityConfig.java View File

@ -40,16 +40,12 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailServiceImpl userDetailService;
@Autowired
private static BookStoreAccessDeniedHandler bookStoreAccessDeniedHandler;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder authManagerBuilder)
throws Exception {
authManagerBuilder.userDetailsService(userDetailService);
}
/*
* Have different HTTP security policies for:
*
@ -70,9 +66,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
authorize -> authorize
.anyRequest().hasAuthority("ADMIN")
)
.httpBasic()
.httpBasic()
.and()
.csrf().disable()
.csrf()
.disable()
;
}
@ -89,9 +86,11 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
*/
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authorizeRequests()
.antMatchers(
"/h2-console/**",
"/",
"/booklist",
"/error",
@ -105,24 +104,27 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.authenticated()
.and()
.formLogin()
// TODO do not expose /login URI end point (prevent direct access)
.defaultSuccessUrl("/booklist")
// .loginPage("/booklist")
// .permitAll()
.defaultSuccessUrl("/booklist")
.permitAll()
.and()
.logout()
.logoutSuccessUrl("/booklist")
.permitAll()
.invalidateHttpSession(true)
.clearAuthentication(true)
.deleteCookies("JSESSIONID")
.and()
.exceptionHandling()
.accessDeniedHandler(bookStoreAccessDeniedHandler)
.accessDeniedHandler(new BookStoreAccessDeniedHandler())
.and()
.csrf()
.ignoringAntMatchers("/h2-console/**")
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.headers()
.frameOptions().sameOrigin()
;
}
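Review bot: The new `.csrf().ignoringAntMatchers("/h2-console/**")` near the end of configure(HttpSecurity) exempts from CSRF protection the same path that the earlier hunk adds to the top of the antMatchers list, which appears to be the permitAll group (its terminating call is outside the visible hunks), so the database console would be reachable without authentication and without CSRF checks wherever the console is enabled. Unless the console is already disabled outside development by configuration, gate this on a dev profile or require an authenticated role for it, e.g. `.antMatchers("/h2-console/**").hasAuthority("ADMIN")` placed ahead of the permitAll group. `.headers().frameOptions().sameOrigin()` is also applied to every response served by this filter chain rather than only to the console, which weakens clickjacking protection for the rest of the application; the file already uses separate HttpSecurity policies (the ADMIN/httpBasic chain in the second hunk), so the console could get its own chain scoped to `/h2-console/**`. `.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)` restates Spring Security's default and deserves a short comment if it is meant as an explicit statement of intent. The body of configure(HttpSecurity) starts in an earlier hunk and its middle is outside the visible hunks.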


+ 1
- 0
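--- a/bookstore/src/main/resources/templates/fragments/devusers.html
+++ b/bookstore/src/main/resources/templates/fragments/devusers.html
@@ -43,6 +43,7 @@
 </tr>
 </tbody>
 </table>
+<a href="/h2-console/">H2 database console</a>
 </div>
 </th:block>
 </body>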
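Review bot: The added anchor hard-codes `/h2-console/` into the fragment with no condition, so if this fragment is rendered outside development profiles (not visible here) it advertises the database console path to every visitor of the page. Guard the link on the profile that actually enables the console, e.g. `<a th:if="${@environment.acceptsProfiles('dev')}" href="/h2-console/">H2 database console</a>`, or keep the fragment itself out of non-development builds.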
