I am trying to do the Java annotation-based Spring Security configuration. I am doing this after following a tutorial and have the code as provided:

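```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

// RestAuthenticationEntryPoint and MySavedRequestAwareAuthenticationSuccessHandler
// are the tutorial's own classes and must be on the classpath.
@Configuration
@EnableWebSecurity
// need to change this to the security directory
@ComponentScan("")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private RestAuthenticationEntryPoint restAuthenticationEntryPoint;

    @Autowired
    private MySavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler;

    // Two in-memory users with plain-text passwords, as in the tutorial
    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {

        auth.inMemoryAuthentication()
                .withUser("temporary").password("temporary").roles("ADMIN")
                .and()
                .withUser("user").password("userPass").roles("USER");
    }

    // Only requests matching /api/foos get the authenticated() rule here
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .exceptionHandling()
                .authenticationEntryPoint(restAuthenticationEntryPoint)
                .and()
                .authorizeRequests()
                .antMatchers("/api/foos").authenticated()
                .and()
                .formLogin()
                .successHandler(authenticationSuccessHandler)
                .failureHandler(new SimpleUrlAuthenticationFailureHandler())
                .and()
                .logout();
    }

    @Bean
    public MySavedRequestAwareAuthenticationSuccessHandler mySuccessHandler() {
        return new MySavedRequestAwareAuthenticationSuccessHandler();
    }

    @Bean
    public SimpleUrlAuthenticationFailureHandler myFailureHandler() {
        return new SimpleUrlAuthenticationFailureHandler();
    }
}
```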

The API base for the project I work on is:

```java
public static final String API_BASE = "/*";
```

For example, I do the cURL request like this:

```
curl -X GET http://localhost:8080/rest/wallet/wallets | json
```

I'm not sure about the `.antMatchers("/api/foos").authenticated()` line in the code. For example, where is the `foos` coming from, and do I need to change it to something like `.antMatchers("/foos").authenticated()`?

Arefe

1 Answer

If you are new to programming, it's a valid question. But get used to it. All the examples would usually have 'foo' and 'bar' as sample variables, method names, etc.

Anyway, the `.antMatchers("/api/foos").authenticated()` specifies that the URL that matches the pattern /api/foo needs to be authenticated and then the following handlers should be used.

Change the pattern to your matching one, `.antMatchers("/rest/wallet/**")`, and test your code.

For more reference, read this post: When to use Spring Security's antMatcher()?

Karthik R
  • So I have paths like `@Path("rest/wallet")`, `@Path("rest/service")` and `@Path("rest/user")` and I have used the matches like `.antMatchers("rest/wallet/**").authenticated() .antMatchers("rest/user/**").authenticated() .antMatchers("rest/service/**").authenticated()`. Is it correct now? Let me know and I will accept your answer. – Arefe Sep 05 '17 at 04:42
  • Seems fine to me. Just start the URL context path with `/`, like `/rest/wallet`. (Consider having the root path `@Path("/rest")` on top of the class so you don't have to repeat the root context all the time.) I just gave you the context where to look out. Explore more and proceed forward. The more you get stuck, the more you learn. :) – Karthik R Sep 05 '17 at 05:14
  • This is indeed true for programming, sometimes you just don't feel the energy to push more :) – Arefe Sep 05 '17 at 05:15
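
A way to check which request paths a set of `antMatchers` patterns actually covers, as an added example that is not part of the original posts: it uses Spring's `AntPathMatcher` (spring-core) as a stand-in for the matching behind `antMatchers`, and shows that both the tutorial placeholder and the patterns without a leading slash leave `/rest/wallet/wallets` uncovered, while the patterns with a leading slash cover it. The class name, the `uncovered` helper and every path except `/rest/wallet/wallets` are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.springframework.util.AntPathMatcher;

public class MatcherCoverageCheck {

    // Returns the request paths that none of the given Ant patterns match.
    static List<String> uncovered(List<String> patterns, List<String> paths) {
        AntPathMatcher matcher = new AntPathMatcher();
        List<String> missed = new ArrayList<>();
        for (String path : paths) {
            boolean hit = false;
            for (String pattern : patterns) {
                hit |= matcher.match(pattern, path);
            }
            if (!hit) {
                missed.add(path);
            }
        }
        return missed;
    }

    public static void main(String[] args) {
        // Only /rest/wallet/wallets is from the page; the other paths are constructed.
        List<String> paths = Arrays.asList(
                "/rest/wallet/wallets", "/rest/wallet", "/rest/user/1", "/rest/service/status");

        // Pattern sets: the question's config, the comment's variant, and the same with a leading slash.
        Map<String, List<String>> configs = new LinkedHashMap<>();
        configs.put("tutorial placeholder", Arrays.asList("/api/foos"));
        configs.put("no leading slash", Arrays.asList(
                "rest/wallet/**", "rest/user/**", "rest/service/**"));
        configs.put("leading slash", Arrays.asList(
                "/rest/wallet/**", "/rest/user/**", "/rest/service/**"));

        for (Map.Entry<String, List<String>> config : configs.entrySet()) {
            System.out.println(config.getKey() + " -> not covered by authenticated(): "
                    + uncovered(config.getValue(), paths));
        }
    }
}
```

With `authorizeRequests()` set up as in the question, a path that no matcher covers carries no access rule, so it is served without authentication.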