33 lines
1.6 KiB
Kotlin
33 lines
1.6 KiB
Kotlin
package com.chantha.mini.config
|
|
|
|
import org.springframework.context.annotation.Configuration
|
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
|
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
|
|
import org.springframework.security.web.util.matcher.AntPathRequestMatcher
|
|
|
|
|
|
@Configuration
|
|
@EnableWebSecurity
|
|
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
|
class WebSecurityConfig : WebSecurityConfigurerAdapter() {
|
|
@Throws(Exception::class)
|
|
override fun configure(auth: AuthenticationManagerBuilder) {
|
|
auth.inMemoryAuthentication().withUser("admin").password("{noop}admin").roles("ADMIN")
|
|
.and().withUser("dba").password("{noop}dba").roles("DBA")
|
|
.and().withUser("user").password("user").roles("USER")
|
|
}
|
|
|
|
@Throws(Exception::class)
|
|
override fun configure(http: HttpSecurity) {
|
|
http.formLogin()
|
|
http.logout().logoutRequestMatcher(AntPathRequestMatcher("/logout"))
|
|
http.authorizeRequests()
|
|
.antMatchers("/admin/**").hasAnyRole("ADMIN")
|
|
.antMatchers("/dba/**").hasAnyRole("ADMIN", "DBA")
|
|
.antMatchers("/user/**").hasAnyRole("ADMIN", "DBA", "USER")
|
|
http.csrf().disable()
|
|
}
|
|
} |