Hi i have created a sample spring mvc security application.I'm following java code based configuration rather than xml configuration.The application working fine. But , a user can access each and every url without login the application. How can i resolve this problems??
i want , users must not be access url without login process.
@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.headers()
.addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN)).and()
.formLogin().defaultSuccessUrl("/admin/home")
.loginPage("/login").failureUrl("/login?error")
.permitAll().and().logout()
.logoutSuccessUrl("/login?logout").logoutUrl("/logout")
.permitAll().and().authorizeRequests().antMatchers("/**")
.permitAll().anyRequest().authenticated().and();
}
/*
* @Override protected void configure(AuthenticationManagerBuilder auth)
* throws Exception
*/
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(customUserDetailsService);
}
}
Aucun commentaire:
Enregistrer un commentaire