WebSecurityConfiguration.java (1634B)
1 package xyz.kebigon.securefiles; 2 3 import org.springframework.beans.factory.annotation.Value; 4 import org.springframework.context.annotation.Bean; 5 import org.springframework.context.annotation.Configuration; 6 import org.springframework.security.config.annotation.web.builders.HttpSecurity; 7 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 8 import org.springframework.security.core.userdetails.User; 9 import org.springframework.security.core.userdetails.UserDetails; 10 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 11 import org.springframework.security.crypto.password.PasswordEncoder; 12 import org.springframework.security.provisioning.InMemoryUserDetailsManager; 13 import org.springframework.security.web.SecurityFilterChain; 14 15 @Configuration 16 @EnableWebSecurity 17 public class WebSecurityConfiguration 18 { 19 @Value("${spring.security.user.name}") 20 private String username; 21 @Value("${spring.security.user.password}") 22 private String password; 23 24 @Bean 25 public InMemoryUserDetailsManager userDetailsService() 26 { 27 final UserDetails user = User.withUsername(username).password(password).roles("USER").build(); 28 return new InMemoryUserDetailsManager(user); 29 } 30 31 @Bean 32 public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception 33 { 34 http // 35 .csrf().disable() // 36 .authorizeRequests() // 37 .mvcMatchers("/download/**").anonymous() // 38 .anyRequest().fullyAuthenticated() // 39 .and() // 40 .formLogin().and() // 41 .httpBasic(); 42 43 return http.build(); 44 } 45 46 @Bean 47 public PasswordEncoder passwordEncoder() 48 { 49 return new BCryptPasswordEncoder(); 50 } 51 }