Scribd Logo
Upload

Welcome to Scribd!

  • Authorization

    Uploaded by

    Laura Dancoso
    21 views2 pages
    The document discusses configuring Spring Security to secure web requests in Java applications. It shows how to use the HttpSecurity class to restrict access to URLs with certain roles, enable form-based login, and make POST requests with form data to login and authenticate users. Key endpoints like "/admin/**" can be limited to users with the "ADMIN" role. Form login is enabled to handle login requests, and Fetch API examples are given for submitting username and password form data to the login endpoint to authenticate users.

    Original Description:

    SpringSecurity Spring Boot

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses configuring Spring Security to secure web requests in Java applications. It shows how to use the HttpSecurity class to restrict access to URLs with certain roles, enable form-based login, and make POST requests with form data to login and authenticate users. Key endpoints like "/admin/**" can be limited to users with the "ADMIN" role. Form login is enabled to handle login requests, and Fetch API examples are given for submitting username and password form data to the login endpoint to authenticate users.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    21 views2 pages

    Authorization

    Uploaded by

    Laura Dancoso
    The document discusses configuring Spring Security to secure web requests in Java applications. It shows how to use the HttpSecurity class to restrict access to URLs with certain roles, enable form-based login, and make POST requests with form data to login and authenticate users. Key endpoints like "/admin/**" can be limited to users with the "ADMIN" role. Form login is enabled to handle login requests, and Fetch API examples are given for submitting username and password form data to the login endpoint to authenticate users.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 2

    Authorization

    Overriding WebSecurityConfigurerAdapter configure method

    1 @Override
    2 protected void configure(HttpSecurity http) throws Exception {}
    3 http.
    4 formLogin()

    formLogin()

    formLogin() docs

    Method to configure form login. By default provides a login page (not restfull).

    logout()

    Spring Security Logout | Baeldung

    antMatchers()
    HttpSecurity (Spring Security 3.2.3.RELEASE API)

    java - Use Spring Security Filter to lock down everything except a few routes - Stack Overflow

    antPatterns:
    The mapping matches URLs using the following rules:

    ? matches one character.


    * matches zero or more characters.
    ** matches zero or more directories in a path.
    {spring:[a-z]+} matches the regexp [a-z]+ as a path variable named “spring”.

    Examples

    com/t?st.jsp — matches com/test.jsp but also com/tast.jsp or com/txst.jsp


    com/*.jsp — matches all .jsp files in the com directory
    com/**/test.jsp — matches all test.jsp files underneath the com path
    org/springframework/*/.jsp — matches all .jsp files underneath the org/springframework path
    org/**/servlet/bla.jsp — matches org/springframework/servlet/bla.jsp but also
    org/springframework/testing/servlet/bla.jsp and org/servlet/bla.jsp
    com/{filename:\w+}.jsp will match com/test.jsp and assign the value test to the filename variable

    Examples:

    1 // protected void configure...


    2 http
    3 .authorizeRequest()
    4 .antMatchers("/admin/**").hasRole("ADMIN")
    5 .antMatchers("/**").hasRole("USER")
    6
    7 .and()
    .formLogin()

    Matchers are considered in order. After a match the following are ignored until the and().
    First goes the most restrictive rule.

    formLogin()
    HttpSecurity (Spring Security 3.2.3.RELEASE API)

    1 @Override
    2 protected void configure(HttpSecurity http) throws Exception {
    3 http
    4 .authorizeRequests()
    5 .antMatchers("/**").hasRole("USER")
    6 .and()
    7 .formLogin(); // autogenerated login page.
    8 }

    Fetch API
    How to make a post request with JSON data in application/x-www-form-urlencoded · Issue #263 · github/fetch
    · GitHub

    1 // Assuming that the formLogin() accept username and password.


    2 const login = async (username, password) => {
    3 const body = new URLSearchParams({
    4 username,
    5 password
    6 })
    7
    8 try {
    9
    10 const response = await fetch("http://localhost:8080/login", {
    11 method: "POST",
    12 headers: {
    13 "Content-Type": "x-www-form-urlencoded"
    14 },
    15 body
    16 });
    17
    18 console.log(response);
    19
    20 } catch(err) {
    21
    22 console.log(err);
    23
    24 }
    25 }

    You might also like