In the example below, access to each URL is restricted as follows:
- / – permitted for all (no authentication required)
- /profile – permitted for any logged-in user, regardless of role
- /user – permitted for a logged-in user with role USER
- /admin – permitted for a logged-in user with role ADMIN
- /useroradmin – permitted for a logged-in user with either role ADMIN or role USER
App.java
package com.springSecurity;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.ApplicationContext;
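/**
 * Entry point of the Spring Boot application.
 *
 * <p>{@code SecurityAutoConfiguration} is excluded, so Spring Boot does not apply its default
 * security setup. The only security configuration in this example is {@code SecurityConfig},
 * which is registered only while {@code myproject.security.enabled} is {@code true} or unset.
 * NOTE(review): with that property set to any other value, nothing shown here protects the
 * endpoints. Treat the switch as a development aid and confirm it cannot be flipped in a
 * deployed environment.
 */
@SpringBootApplication(
    exclude = {org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class})
public class App {

  /**
   * Starts the application context.
   *
   * @param args command-line arguments, passed through to Spring Boot
   */
  public static void main(String[] args) {
    // The returned ApplicationContext was never used, so it is no longer stored.
    SpringApplication.run(App.class, args);
  }
}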
SecurityConfig.java
package com.springSecurity;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
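/**
 * Web security configuration: HTTP Basic authentication against two in-memory demo accounts,
 * per-URL authorization rules, and no server-side session.
 *
 * <p>The class is registered only when {@code myproject.security.enabled} is {@code true} or
 * absent ({@code matchIfMissing = true}). Any other value skips this configuration entirely.
 */
@Configuration
@EnableWebSecurity
@ConditionalOnProperty(name = "myproject.security.enabled", havingValue = "true", matchIfMissing = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  /**
   * Registers the in-memory users {@code admin} (role ADMIN) and {@code user} (role USER).
   *
   * @param auth builder the users are added to
   * @throws Exception if the in-memory user store cannot be configured
   */
  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    // Demo accounts only: each password equals its user name and is hard-coded in source.
    // Real deployments should load users from an external store and never ship default
    // credentials.
    // The passwords are stored as BCrypt hashes. The plain-text alternative
    // (.password("admin") with NoOpPasswordEncoder) keeps them readable in memory and is
    // deprecated by Spring Security for that reason.
    auth.inMemoryAuthentication()
        .withUser("admin").password(passwordEncoder().encode("admin")).roles("ADMIN")
        .and()
        .withUser("user").password(passwordEncoder().encode("user")).roles("USER");
  }

  /**
   * Declares which URLs need authentication and which roles they require.
   *
   * @param http the HTTP security builder
   * @throws Exception if the filter chain cannot be configured
   */
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/").permitAll() // no authentication or authorization
        .antMatchers("/profile").authenticated() // any authenticated user, no role check
        .antMatchers("/user").hasRole("USER") // authenticated and role USER
        .antMatchers("/admin").hasRole("ADMIN") // authenticated and role ADMIN
        .antMatchers("/useroradmin").hasAnyRole("ADMIN", "USER") // either role is enough
        // Catch-all, evaluated last: a request that matches none of the rules above would
        // otherwise be served without any check. These antMatchers patterns name exact paths
        // only, so this also covers sub-paths and path variants the rules do not list.
        .anyRequest().authenticated()
        .and()
        // HTTP Basic sends the credentials, Base64-encoded and not encrypted, on every
        // request, so this must only be exposed over TLS.
        .httpBasic();

    // No HTTP session is created or used, so each request is authenticated on its own.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
  }

  /**
   * Password encoder used to hash the in-memory passwords and to verify login attempts.
   *
   * @return a BCrypt encoder with the library's default strength
   */
  @Bean
  PasswordEncoder passwordEncoder() {
    // Do not swap in NoOpPasswordEncoder.getInstance(): it stores and compares plain text.
    return new BCryptPasswordEncoder();
  }
}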
build.gradle
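plugins {
    id 'java'
    id 'org.springframework.boot' version '2.0.5.RELEASE'
    id 'io.spring.dependency-management' version '1.0.7.RELEASE'
}

repositories {
    // NOTE(review): JCenter has been sunset; resolve from a maintained repository such as
    // mavenCentral() so that builds keep working and artifacts come from a supported source.
    jcenter()
}

dependencies {
    implementation 'com.google.guava:guava:28.0-jre'
    testImplementation 'junit:junit:4.12'
    // NOTE(review): spring-boot-dependencies is a BOM. The Boot and dependency-management
    // plugins above already import it, so declaring it as an implementation dependency is
    // presumably unnecessary.
    implementation 'org.springframework.boot:spring-boot-dependencies:2.0.5.RELEASE'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'

    // Oracle Integration
    implementation 'com.oracle.ojdbc:ojdbc8:19.3.0.0'
    // NOTE(review): spring-jdbc is pinned to 3.2.0.RELEASE, a different Spring generation from
    // the one Boot 2.0.5 manages. Omitting the version lets the BOM pick a matching release.
    implementation 'org.springframework:spring-jdbc:3.2.0.RELEASE'

    // Spring Security
    // NOTE(review): the starter is pinned to 2.4.4 while the Boot plugin is 2.0.5.RELEASE.
    // Mixing Boot lines can resolve to Spring Security modules that do not belong together.
    // Omit the version, as for spring-boot-starter-web, so one BOM manages the whole stack.
    implementation 'org.springframework.boot:spring-boot-starter-security:2.4.4'

    components {
        withModule('org.springframework:spring-beans') {
            allVariants {
                withDependencyConstraints {
                    // NOTE(review): 'strictly' pins snakeyaml to 1.19 and blocks every upgrade,
                    // including security fixes. Confirm the pin is still needed.
                    it.findAll { it.name == 'snakeyaml' }.each { it.version { strictly '1.19' } }
                }
            }
        }
    }
}

bootJar {
    // Must be the fully qualified name of the class that declares main(). App is declared in
    // package com.springSecurity, so 'SpringSecurity.App' did not name an existing class.
    mainClassName = 'com.springSecurity.App'
}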
application.properties
# HTTP port the embedded server listens on.
server.port=9191
# DEBUG logging for everything under org.springframework helps when following this example.
# NOTE(review): it is very verbose and may write request details to the log; lower the level
# outside development.
logging.level.org.springframework=DEBUG
# Kept commented out: as written, the pattern /** would exempt every path from security.
# NOTE(review): security.ignored is a Spring Boot 1.x property and presumably has no effect
# with the Boot 2 setup used here. Confirm before relying on it either way.
#security.ignored=/**
# Read by @ConditionalOnProperty on SecurityConfig. Any value other than true means
# SecurityConfig is not registered, so the rules it defines are not applied.
myproject.security.enabled=true
Reference :
Code :
- GitHub – branch: spring-security-authorization