Update with Filter Chain

sathish-kumar-G · Jan 2, 2023 · d71615c · d71615c
1 parent f14f60f
commit d71615c
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 17 deletions.
diff --git a/src/main/java/net/breezeware/security/configuration/ApplicationSecurityConfig.java b/src/main/java/net/breezeware/security/configuration/ApplicationSecurityConfig.java
@@ -13,6 +13,7 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import static net.breezeware.security.enumeration.UserPermission.COURSE_WRITE;
@@ -21,6 +22,37 @@
 @Configuration
 @EnableWebSecurity
 public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {
+
+/*    //Current Scenario
+SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
+    return httpSecurity.csrf().disable().authorizeRequests()
+            .antMatchers("/", "index", "/css/*", "/js/*").permitAll()
+            .antMatchers("/api/**").hasRole(STUDENT.name())
+            *//* .antMatchers(HttpMethod.DELETE,"/management/api/**").hasAuthority(COURSE_WRITE.getPermissions())
+             .antMatchers(HttpMethod.POST,"/management/api/**").hasAuthority(COURSE_WRITE.getPermissions())
+             .antMatchers(HttpMethod.PUT,"/management/api/**").hasAuthority(COURSE_WRITE.getPermissions())
+             .antMatchers(HttpMethod.GET,"/management/api/**").hasAnyRole(ADMIN.name(), ADMINTRAINEE.name())*//*
+            .anyRequest().authenticated()
+            .and()
+            // .httpBasic(); //Basic Authentication
+            .formLogin()  //Form Based Authentication
+            .loginPage("/login").permitAll() //Permit All Users in Login Page
+            .defaultSuccessUrl("/courses",true)//After SuccessFul Login go to this URL
+            .usernameParameter("username")
+            .passwordParameter("password")
+            .and()
+            .rememberMe()//It is Remember the Session Time
+            .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(21)) //21 Hours
+            .key("SomeStringValue")
+            .rememberMeParameter("remember-me")
+            .and()
+            .logout().logoutUrl("/logout") //Set the Logout URL
+            .logoutRequestMatcher(new AntPathRequestMatcher("/logout","GET"))
+            .clearAuthentication(true)  //Clear Authentication
+            .invalidateHttpSession(true)  //Clear Session
+            .deleteCookies("JSESSIONID","remember-me") //Delete the Cookies
+            .logoutSuccessUrl("/login").and().build(); //After Logout go to this URL
+}*/
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
@@ -36,19 +68,22 @@ protected void configure(HttpSecurity http) throws Exception {
                 .and()
                // .httpBasic(); //Basic Authentication
                 .formLogin()  //Form Based Authentication
-                .loginPage("/login").permitAll() //Permit All Users in Login Page
-                .defaultSuccessUrl("/courses",true)//After SuccessFul Login go to this URL
-                .and()
-                .rememberMe()//It is Remember the Session Time
+                   .loginPage("/login").permitAll() //Permit All Users in Login Page
+                   .defaultSuccessUrl("/courses",true)//After SuccessFul Login go to this URL
+                   .usernameParameter("username")
+                   .passwordParameter("password")
+                   .and()
+                   .rememberMe()//It is Remember the Session Time
                       .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(21)) //21 Hours
                       .key("SomeStringValue")
+                      .rememberMeParameter("remember-me")
                 .and()
                 .logout().logoutUrl("/logout") //Set the Logout URL
-                .logoutRequestMatcher(new AntPathRequestMatcher("/logout","GET"))
-                .clearAuthentication(true)  //Clear Authentication
-                .invalidateHttpSession(true)  //Clear Session
-                .deleteCookies("JSESSIONID","remember-me") //Delete the Cookies
-                .logoutSuccessUrl("/login"); //After Logout go to this URL
+                  .logoutRequestMatcher(new AntPathRequestMatcher("/logout","GET"))
+                  .clearAuthentication(true)  //Clear Authentication
+                  .invalidateHttpSession(true)  //Clear Session
+                  .deleteCookies("JSESSIONID","remember-me") //Delete the Cookies
+                  .logoutSuccessUrl("/login"); //After Logout go to this URL
     }
 
     @Override

diff --git a/src/main/resources/templates/courses.html b/src/main/resources/templates/courses.html
@@ -1,10 +1,21 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <title>Courses</title>
+<html lang="en"><head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <title>Please sign in</title>
+    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M" crossorigin="anonymous">
+    <link href="https://getbootstrap.com/docs/4.0/examples/signin/signin.css" rel="stylesheet" crossorigin="anonymous">
+
 </head>
 <body>
-<h1>Welcome to Course Page</h1>
-</body>
-</html>
+<h1>Welcome to Courses</h1>
+<h1>Spring Boot Security </h1>
+<div class="container">
+    <form class="form-signin" method="get" action="/logout">
+
+
+        <button class="btn btn-lg btn-primary btn-block" type="submit">Logout</button>
+    </form>
+</div>
+</body></html>