The Spring Security filter checks every request before the servlet handles it.
What does it do when you add the Spring Security starter?
- Adds mandatory authentication for URLs except for /error
- Adds login form
- Handles login error
- Creates a user and sets a default password
You can also set your own ID and password by writing this in your application.yml:
    spring:
      security:
        user:
          name: tony
          password: 1234
Basic Configure
The AuthenticationManager "authenticates" everything,
but we don't deal with the AuthenticationManager directly; we configure it using the AuthenticationManagerBuilder (AMBuilder).
Spring Security gives access to AMBuilder when you override the configure method in WebSecurityConfigurerAdapter (one of many handler adapters in Spring).
If you don't override it, Spring Security uses the default, just like we have seen before.
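    import org.springframework.context.annotation.Bean;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.password.NoOpPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;

    @EnableWebSecurity
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter
    {
        // Registers an in-memory user store with a single user.
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception
        {
            auth.inMemoryAuthentication()
                .withUser("blah")
                .password("blah")
                .roles("USER");
        }

        // NoOpPasswordEncoder does no encoding: passwords are compared as plain text.
        @Bean
        public PasswordEncoder getPasswordEncoder()
        {
            return NoOpPasswordEncoder.getInstance();
        }
    }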
What a PasswordEncoder does is hash the password and id, but in my case we are not doing any encoding, so the passwords are kept and compared as plain text.
Since the @Bean is there, Spring Security looks for it and uses my PasswordEncoder for hashing the id and password.
Authentication Configure
This is the configuration we want to set up. We need HttpSecurity, and we can get it the same way as AMBuilder:
by overriding the other configure method.
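    import org.springframework.context.annotation.Bean;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.password.NoOpPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;

    @EnableWebSecurity
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter
    {
        // Two in-memory users: "blah" with role USER and "tony" with role ADMIN.
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception
        {
            auth.inMemoryAuthentication()
                .withUser("blah")
                .password("blah")
                .roles("USER")
                .and()
                .withUser("tony")
                .password("123")
                .roles("ADMIN");
        }

        // URL rules are checked in order, so the most specific paths come first.
        @Override
        protected void configure(HttpSecurity http) throws Exception
        {
            http.authorizeRequests()
                .antMatchers("/admin").hasRole("ADMIN")
                .antMatchers("/user").hasAnyRole("ADMIN", "USER")
                .antMatchers("/").permitAll()
                .and()
                .formLogin();
        }

        // NoOpPasswordEncoder does no encoding: passwords are compared as plain text.
        @Bean
        public PasswordEncoder getPasswordEncoder()
        {
            return NoOpPasswordEncoder.getInstance();
        }
    }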
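
The same configuration with the NoOpPasswordEncoder swapped for a BCryptPasswordEncoder, so the in-memory user store holds salted hashes instead of plain text. This is an added example, not code from the original post; the class name HashedPasswordSecurityConfiguration is hypothetical, and the users and passwords are the post's sample values.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical class name; same users and URL rules as the post's configuration.
@EnableWebSecurity
public class HashedPasswordSecurityConfiguration extends WebSecurityConfigurerAdapter
{
    @Bean
    public PasswordEncoder getPasswordEncoder()
    {
        // BCrypt salts every hash and is deliberately slow; default strength is 10.
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        PasswordEncoder encoder = getPasswordEncoder();
        // The stored value must already be encoded: at login Spring Security calls
        // encoder.matches(submittedPassword, storedValue), so a plain "blah" stored
        // here would never match under BCrypt.
        auth.inMemoryAuthentication()
            .passwordEncoder(encoder)
            .withUser("blah")
            .password(encoder.encode("blah"))   // sample password from the post
            .roles("USER")
            .and()
            .withUser("tony")
            .password(encoder.encode("123"))    // sample password from the post
            .roles("ADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http.authorizeRequests()
            .antMatchers("/admin").hasRole("ADMIN")
            .antMatchers("/user").hasAnyRole("ADMIN", "USER")
            .antMatchers("/").permitAll()
            .and()
            .formLogin();
    }
}
```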