SecurityConfiguration that prevents an authenticated user from accessing the /login page
package org.twinnation.stackoverflowspring.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.web.filter.GenericFilterBean;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
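@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Redirects an already-authenticated user away from the login page.
     *
     * <p>It is registered before {@link DefaultLoginPageGeneratingFilter}, i.e. after the
     * security context has been restored from the session but before the login page would be
     * rendered. NOTE(review): at that point Spring Security's anonymous filter has not run yet,
     * so an unauthenticated request is expected to carry a {@code null} authentication here. If
     * the registration point is ever moved later in the chain, an anonymous token would satisfy
     * {@code isAuthenticated()} and produce a redirect loop between {@code /login} and
     * {@code /}; confirm the ordering before changing where the filter is added.
     */
    static class LoginPageFilter extends GenericFilterBean {

        /** Login page path, relative to the servlet context path. */
        private static final String LOGIN_PATH = "/login";

        /**
         * Sends an authenticated caller of the login page to the application root and stops the
         * chain; every other request continues untouched.
         *
         * @param request  the current request, expected to be an {@link HttpServletRequest}
         * @param response the current response, expected to be an {@link HttpServletResponse}
         * @param chain    the remaining filter chain
         * @throws IOException      if the redirect cannot be written
         * @throws ServletException if a downstream filter fails
         */
        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            // getRequestURI() includes the context path, so prefix the comparison with it; for
            // a root deployment the context path is empty and this matches plain "/login".
            String contextPath = httpRequest.getContextPath();
            boolean loginPageRequested = httpRequest.getRequestURI().equals(contextPath + LOGIN_PATH);
            if (loginPageRequested && currentUserIsAuthenticated()) {
                System.out.println("user is authenticated but trying to access login page, redirecting to /");
                ((HttpServletResponse) response).sendRedirect(contextPath + "/");
                // The redirect commits the response; continuing down the chain would let the
                // login page generator try to write into it as well.
                return;
            }
            chain.doFilter(request, response);
        }

        /**
         * Whether the current security context holds an authentication that reports itself as
         * authenticated.
         */
        private static boolean currentUserIsAuthenticated() {
            return SecurityContextHolder.getContext().getAuthentication() != null
                    && SecurityContextHolder.getContext().getAuthentication().isAuthenticated();
        }
    }

    /**
     * Configures the HTTP security chain: HTTP basic plus form login, the login-page redirect
     * filter, and an access rule set that refuses {@code /login} to authenticated users and
     * requires authentication for everything else.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.addFilterBefore(new LoginPageFilter(), DefaultLoginPageGeneratingFilter.class);
        httpSecurity
                .httpBasic()
                .and()
                // SECURITY: CSRF protection is disabled while session-based form login is
                // enabled, which leaves state-changing endpoints open to cross-site request
                // forgery from a logged-in browser. Keep this only for non-browser/API clients
                // and re-enable CSRF for browser-facing form login.
                .csrf().disable()
                .headers().frameOptions().sameOrigin()
                .and()
                .formLogin().permitAll()
                .and()
                // A single authorizeRequests() registry holds both rules; calling it twice as the
                // original did returns the same registry, so this is equivalent but clearer.
                .authorizeRequests()
                // Backstop for LoginPageFilter: an authenticated user who reaches /login without
                // being redirected is denied rather than shown the page.
                .antMatchers(LoginPageFilter.LOGIN_PATH).not().authenticated()
                .anyRequest().authenticated();
    }

    /**
     * Password encoder used for stored credentials.
     *
     * @return a bcrypt encoder with default strength
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers a single in-memory user.
     *
     * <p>SECURITY: the credentials are hard-coded demo values ({@code root}/{@code root}) and
     * the in-memory store is not suitable beyond local experimentation; move credentials to
     * configuration/secret storage and use a real user store before deploying.
     *
     * @param auth the authentication builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("root")
                .password(passwordEncoder().encode("root"))
                .roles("USER");
    }
}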