Tak wygląda moja klasa konfiguracji bezpieczeństwa :
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
/**
 * Spring Security configuration that authenticates against an in-memory user store
 * and protects the application with HTTP Basic.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Both accounts are created with the literal password {@code "password"}; that is
 *       acceptable only for a local demo and must not reach a deployed environment.</li>
 *   <li>HTTP Basic sends the credentials base64-encoded (not encrypted) on every request,
 *       so the application should only be served over HTTPS.</li>
 * </ul>
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfigurationInMemory extends WebSecurityConfigurerAdapter {

    /**
     * Provides the password encoder bean.
     *
     * @return a BCrypt-based {@link PasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers the two in-memory accounts: {@code user} (role USER) and
     * {@code admin} (roles USER and ADMIN). Passwords are stored as BCrypt hashes.
     *
     * @param auth the authentication manager builder supplied by Spring
     * @throws Exception if the in-memory configurer cannot be applied
     */
    @Autowired
    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        final PasswordEncoder encoder = passwordEncoder();

        // NOTE(review): hard-coded demo credentials; replace before any real deployment.
        auth.inMemoryAuthentication()
                .withUser("user")
                .password(encoder.encode("password"))
                .roles("USER");

        auth.inMemoryAuthentication()
                .withUser("admin")
                .password(encoder.encode("password"))
                .roles("USER", "ADMIN");
    }

    /**
     * Configures request authorization: the login/home templates and the index page are
     * public, everything else requires an authenticated user.
     *
     * @param http the HTTP security builder
     * @throws Exception if any configurer fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().realmName("User Registration System");

        http.authorizeRequests()
                .antMatchers("/template/login.html", "/template/home.html", "/index.html", "/")
                .permitAll()
                .anyRequest()
                .authenticated();

        // The CSRF token is kept in a cookie that is NOT HttpOnly, so that client-side
        // script can read it and send it back with state-changing requests. The trade-off
        // is that any script running on the page can read the token as well.
        http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }

    /**
     * Excludes static resources from the security filter chain entirely.
     *
     * @param web the web security builder
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Requests matching these patterns bypass Spring Security, so nothing that needs
        // protection may be served from these paths.
        final String[] staticResources = {"/static/**", "/css/**", "/js/**", "/images/**"};
        web.ignoring().antMatchers(staticResources);
    }
}
Tak wygląda moja angularowa funkcja do logowania użytkownika
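// Login controller: authenticates against the backend 'user' endpoint using HTTP Basic
// and mirrors the outcome into $rootScope.authenticated.
app.controller('loginController', function ($rootScope, $scope, $http, $location, $route) {
    $scope.credentials = {};

    // Clears the credentials bound to the login form.
    $scope.resetForm = function () {
        $scope.credentials = null;
    };

    /**
     * Calls the 'user' endpoint and records whether the caller is authenticated.
     *
     * @param {Object} [credentials] - object with username and password; when omitted no
     *        Authorization header is sent and only an already established login is checked.
     * @param {Function} [callback] - invoked once the request has succeeded or failed.
     */
    var authenticate = function (credentials, callback) {
        // The scheme and the encoded credentials must be separated by a single space
        // ("Basic <base64>"). Without it the server cannot recognise the header as
        // Basic authentication and the submitted credentials are never evaluated.
        // The header is built from the function argument, so the initial no-argument
        // call does not send a meaningless "undefined:undefined" pair.
        // NOTE(review): btoa() only accepts Latin-1 input; credentials containing other
        // characters would need to be encoded first.
        var headers = credentials ? {
            authorization: "Basic " + btoa(credentials.username + ":" + credentials.password)
        } : {};

        $http.get('user', {
            headers: headers
        }).then(function (response) {
            // The endpoint is treated as "logged in" when it returns a principal name.
            $rootScope.authenticated = !!response.data.name;
            callback && callback();
        }, function () {
            $rootScope.authenticated = false;
            callback && callback();
        });
    };

    // Check on controller load whether the caller is already authenticated.
    authenticate();

    // Form submit handler: authenticate with the entered credentials and route accordingly.
    $scope.loginUser = function () {
        authenticate($scope.credentials, function () {
            if ($rootScope.authenticated) {
                $location.path("/");
                $scope.loginerror = false;
            } else {
                $location.path("/login");
                $scope.loginerror = true;
            }
        });
    };
});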
Tak wygląda podstrona logowania, która wywołuje tę funkcję:
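<!-- Login page: the form's ng-submit calls loginUser() on the current scope. -->
<div class="container-fluid">
    <div class="container">
        <div class="panel panel-default">
            <div class="alert alert-success">
                <span class="lead">Login Page</span>
                <p>Enter Username and Password</p>
                <br/>
                <!-- Shown only after a failed login attempt (loginerror is set by loginUser()). -->
                <div class="alert alert-danger" ng-show="loginerror">
                    There was a problem with logging in. Please try again.
                </div>
            </div>
            <div class="panel-body">
                <div class="container">
                    <form ng-submit="loginUser()" name="myForm" class="form-horizontal">
                        <div class="row">
                            <div class="form-group col-md-12">
                                <label class="col-md-2 control-label" for="uname">Username</label>
                                <div class="col-md-7">
                                    <!-- required: an empty field must not be submitted as credentials -->
                                    <input type="text" ng-model="credentials.username" id="uname"
                                           class="form-control input-sm" placeholder="Enter Username"
                                           autocomplete="username" required/>
                                </div>
                            </div>
                        </div>
                        <div class="row">
                            <div class="form-group col-md-12">
                                <label class="col-md-2 control-label" for="password">Password</label>
                                <div class="col-md-7">
                                    <input type="password" ng-model="credentials.password" id="password"
                                           class="form-control input-sm" placeholder="Enter Password"
                                           autocomplete="current-password" required/>
                                </div>
                            </div>
                        </div>
                        <div class="row">
                            <div class="form-actions floatRight">
                                <input type="submit" value="Login" class="btn btn-primary btn-sm">
                                <button type="button" ng-click="resetForm()" class="btn-warning btn-sm">
                                    Reset Form
                                </button>
                            </div>
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>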
Tutaj link do repo z aplikacją :
[https://github.com/robertkonior/user-registration-system]
Dodam, że logowanie z domyślnego pop-upowego okna logowania działało w miarę jak należy.
Byłbym bardzo wdzięczny, gdyby ktoś pobrał kod z repo, przedebugował go i podzielił się wskazówkami, co zrobić, żeby działało, i co źle zrobiłem :)
P.S. To mój pierwszy post tutaj, tak że jak złamałem jakieś zasady, zwróćcie mi uwagę.