Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations

by

Waited for 2 days and didn’t get any help here. But my research provided me a solution 🙂

Solution

@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, proxyTargetClass = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

    @Autowired
    private AuthenticationProvider authenticationProvider;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }

    @Configuration
    @Order(1)
    public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter{
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                    .antMatcher("/api/**")
                    .authorizeRequests()
                        .anyRequest().hasAnyRole("ADMIN", "API")
                        .and()
                    .httpBasic();
        }
    }

    @Configuration
    @Order(2)
    public static class FormWebSecurityConfig extends WebSecurityConfigurerAdapter{

        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/css/**", "/js/**", "/img/**", "/lib/**");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable() //HTTP with Disable CSRF
                    .authorizeRequests() //Authorize Request Configuration
                        .antMatchers("/connect/**").permitAll()
                        .antMatchers("https://stackoverflow.com/", "/register").permitAll()
                        .antMatchers("/admin/**").hasRole("ADMIN")
                        .anyRequest().authenticated()
                        .and() //Login Form configuration for all others
                    .formLogin()
                        .loginPage("/login").permitAll()
                        .and() //Logout Form configuration
                    .logout().permitAll();
        }
    }
}

More Related Contents:

  1. Filter invoke twice when register as Spring bean
  2. How to enable HTTP response caching in Spring Boot
  3. HttpSecurity, WebSecurity and AuthenticationManagerBuilder
  4. Spring Security : Multiple HTTP Config not working
  5. How to get active user’s UserDetails
  6. Add context path to Spring Boot application
  7. Spring Boot Multiple Datasource
  8. CORS allowed-origin restrictions aren’t causing the server to reject requests
  9. Disable Spring Security for OPTIONS Http Method
  10. How to bind an object list with thymeleaf?
  11. How to set base url for rest in spring boot?
  12. Filter order in spring-boot
  13. No serializer found for class org.hibernate.proxy.pojo.bytebuddy.ByteBuddyInterceptor
  14. Spring Boot and custom 404 error page
  15. Multipart File upload Spring Boot
  16. How to get the current logged in user object from spring security?
  17. Spring security does not allow CSS or JS resources to be loaded
  18. how to display custom error message in jsp for spring security auth exception
  19. Spring Boot Actuator without Spring Boot
  20. Spring Security 5 : There is no PasswordEncoder mapped for the id “null”
  21. How to apply Spring Security filter only on secured endpoints?
  22. Securing Spring Boot API with API key and secret
  23. What is username and password when starting Spring Boot with Tomcat?
  24. Difference between Interceptor and Filter in Spring MVC
  25. Spring security added prefix “ROLE_” to all roles name?
  26. Why this Spring application with java-based configuration don’t work properly
  27. How to re-create database before each test in Spring?
  28. How do I disable resolving login parameters passed as url parameters / from the url
  29. How do I add method based security to a Spring Boot project?
  30. How I create an error handler (404, 500…) in Spring Boot/MVC

Leave a Comment