31 lines
1.5 KiB
Java
31 lines
1.5 KiB
Java
package fr.eni.enchere.security;
|
|
|
|
import org.springframework.context.annotation.Bean;
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.web.SecurityFilterChain;
|
|
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
|
|
@Configuration
|
|
@EnableWebSecurity
|
|
public class WebSecurityConfig {
|
|
|
|
@Bean
|
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|
http.authorizeHttpRequests((requests) -> requests.requestMatchers("/", "/accueil").permitAll()
|
|
.requestMatchers("/accueil", "/login", "/inscription", "/searchArticle").permitAll()
|
|
.requestMatchers("/css/**", "/images/**", "/assets/**", "/img/**", "/js/**").permitAll()
|
|
.requestMatchers("/profile").hasAnyRole("MEMBRE", "ADMIN")
|
|
.requestMatchers("/admin").hasRole("MEMBRE")
|
|
.anyRequest().authenticated())
|
|
.formLogin((form) -> form.loginPage("/login").defaultSuccessUrl("/", true))
|
|
.logout((logout) -> logout.clearAuthentication(true).invalidateHttpSession(true)
|
|
.deleteCookies("JSESSIONID").logoutSuccessUrl("/filmLogout")
|
|
.logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll());
|
|
|
|
return http.build();
|
|
}
|
|
|
|
}
|