1 package org.oxerr.spring.security.otp.samples.helloworld;
2
3 import org.oxerr.spring.security.otp.config.annotation.web.configurers.OTPLoginConfigurer;
4 import org.oxerr.spring.security.otp.core.OTPAuthenticationService;
5 import org.springframework.beans.factory.annotation.Autowired;
6 import org.springframework.context.annotation.Bean;
7 import org.springframework.context.annotation.Configuration;
8 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
9 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
10 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
11 import org.springframework.security.core.userdetails.User;
12 import org.springframework.security.core.userdetails.UserDetails;
13 import org.springframework.security.core.userdetails.UserDetailsService;
14 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
15 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
16
17 @Configuration
18 @EnableWebSecurity
19 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
20
21 @Autowired
22 private OTPAuthenticationService otpAuthenticationService;
23
24 @Override
25 protected void configure(HttpSecurity http) throws Exception {
26 http
27 .authorizeRequests()
28 .antMatchers("/", "/home", "/otp").permitAll()
29 .anyRequest().authenticated()
30 .and()
31 .formLogin()
32 .loginPage("/login")
33 .permitAll()
34 .and()
35 .logout()
36 .permitAll()
37 .and()
38 .apply(new OTPLoginConfigurer<>(otpAuthenticationService));
39 }
40
41 @Bean
42 @Override
43 public UserDetailsService userDetailsService() {
44 UserDetails user = User.builder()
45 .passwordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder()::encode)
46 .username("user")
47 .password("password")
48 .roles("USER")
49 .build();
50
51 return new InMemoryUserDetailsManager(user);
52 }
53
54 }