| package org.apache.juneau.petstore.config; |
| |
| import org.springframework.context.annotation.Configuration; |
| import org.springframework.http.HttpMethod; |
| import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; |
| import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
| import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; |
| |
/**
 * Spring Security configuration for the petstore application.
 *
 * <p>
 * Registers two in-memory accounts and restricts the modifying {@code PUT} and {@code DELETE} calls below
 * {@code /petstore/pet/} to the {@code ADMIN} role, authenticated over HTTP Basic.
 *
 * <p>
 * Security notes for anyone reusing this class outside a demo:
 * <ul>
 * 	<li>Both accounts are hard-coded with the same password, and the <code>{noop}</code> prefix selects the
 * 		no-op password encoder, so the password is kept and compared as plaintext.
 * 		Load credentials from external configuration and use a hashing encoder (e.g. bcrypt) instead.
 * 	<li>No catch-all rule such as {@code anyRequest().authenticated()} is configured here, so requests that match
 * 		neither pattern (including {@code POST}, whose rule is commented out) are not restricted by this class.
 * 	<li>CSRF protection is switched off. HTTP Basic credentials are re-sent automatically by browsers, so keep
 * 		CSRF protection enabled if the API can be reached from a browser session.
 * 	<li>HTTP Basic sends the credentials with every request; serve the application over TLS only.
 * </ul>
 */
@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

	/** Role that may modify or delete pets. */
	private static final String ROLE_ADMIN = "ADMIN";

	/** Role granted to every registered account. */
	private static final String ROLE_USER = "USER";

	/** Ant pattern covering every resource below the pet collection. */
	private static final String PET_RESOURCES = "/petstore/pet/**";

	/**
	 * Registers the in-memory accounts {@code user} (role USER) and {@code admin} (roles USER and ADMIN).
	 *
	 * @param auth The builder the accounts are registered on.
	 * @throws Exception Propagated from the Spring Security builder.
	 */
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		// Both accounts must hang off the same in-memory configurer, hence a single chain.
		// "{noop}" = plaintext password storage; acceptable only for a local demo.
		auth.inMemoryAuthentication()
			.withUser("user")
				.password("{noop}password")
				.roles(ROLE_USER)
			.and()
			.withUser("admin")
				.password("{noop}password")
				.roles(ROLE_USER, ROLE_ADMIN);
	}

	/**
	 * Enables HTTP Basic, limits PUT and DELETE on pet resources to ADMIN, and disables CSRF and form login.
	 *
	 * @param http The HTTP security builder to configure.
	 * @throws Exception Propagated from the Spring Security builder.
	 */
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.httpBasic();

		// Only these two method/path combinations carry a role requirement.
		// The rule for creating pets is left commented out, as in the original:
		// .antMatchers(HttpMethod.POST, "/petstore/pet").hasRole("ADMIN")
		http.authorizeRequests()
			.antMatchers(HttpMethod.PUT, PET_RESOURCES).hasRole(ROLE_ADMIN)
			.antMatchers(HttpMethod.DELETE, PET_RESOURCES).hasRole(ROLE_ADMIN);

		// CSRF protection is off; see the class-level security notes before copying this.
		http.csrf().disable();
		http.formLogin().disable();
	}
}