Saturday, January 22, 2022

How to Implement Spring Security Method in Spring Boot






    Step 1: Open dilsecodie.com.

    Step 2: Make a config class in your Spring Boot project.

    Step 3: Make a class SecurityConfig that extends WebSecurityConfigurerAdapter.

    Step 4: Check that the Spring Security dependency is present.

    Step 5: Copy the code from dilsecodie: https://dilsecodie.com/sourcecode/topic/Spring-Boot/tutorial/Spring-security

    Step 6: Paste it into your class and check all the pages you need to secure.

    Step 7: Check that your security runs, or customize it according to your project.

    Step 8: If you still have an issue, ask your doubt in the Ask Question section and get an answer from an expert.

Let me give you an example. Spring Security is a core part of Spring, and it can be implemented by importing a few packages:

import org.springframework.boot.autoconfigure.EnableAutoConfiguration; - enables auto-configuration when using Spring.

org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; is used to hash the password submitted by the user so that it can be compared with the stored hash. bcrypt is a one-way function, so the password is never decrypted.

@EnableWebSecurity - this annotation enables the web security feature in your security class when using the embedded packages.

SecurityConfig extends WebSecurityConfigurerAdapter - if SecurityConfig is your class, it extends the web security adapter, so the adapter's methods are available in your security class.

protected void configure(HttpSecurity http) - overriding this method in your security class gives you the http object, which you use to develop the security rules.


Then, in your security class, use http.csrf().disable().authorizeRequests() and pass to .antMatchers( ) all the endpoints you need to secure, so that these URLs can't be accessed without login authentication. Note that csrf().disable() switches off Spring Security's CSRF protection.

.antMatchers(adminService.getAllAccess().toString()).authenticated() - this line is the most important, because it requires authentication for all the access paths it is given.

When a user logs in, the request is first handled by Spring Security, for example .successHandler(customSuccessHandler) - this method uses the customSuccessHandler class to validate the user; only then is a session ID provided for that request.

If a request fails to authenticate, that case goes to .failureHandler(customFailureHandler) - which means the custom failure handler class will provide an invalid token and a custom message for the request.

But once we implement Spring Security in our project, no URL can be accessed without passing through Spring Security. So how do we reach the index page to start the application? In that case we use .loginPage(Constants.INDEX_PAGE).permitAll() - this method permits everyone to reach the index page without any validation process.


Now let's talk about the success part. After a successful login a session is provided for that user, but we need to check whether every request has a valid session or not. That can be done by using the invalid session URL method, for example: invalidSessionUrl(Constants.SESSION_EXPIRED).sessionFixation().migrateSession().and().httpBasic()

We also need to implement .deleteCookies("JSESSIONID") - the delete cookies method, to delete the JSESSIONID cookie as well after any invalid session or session expiry.
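
The pieces described above, assembled into one class as an added example (this is not the code from dilsecodie.com). It assumes Spring Security 5.x, where WebSecurityConfigurerAdapter is still available. The paths are placeholders for the page's Constants and adminService values, the two handlers are injected beans, and CSRF protection is left enabled instead of disabled because the login session lives in a cookie.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // Assumed paths; the page takes them from its own Constants and adminService.
    private static final String INDEX_PAGE = "/index";
    private static final String SESSION_EXPIRED = "/session-expired";
    private static final String[] PROTECTED = {"/admin/**", "/account/**"};

    private final AuthenticationSuccessHandler customSuccessHandler;
    private final AuthenticationFailureHandler customFailureHandler;

    public SecurityConfig(AuthenticationSuccessHandler customSuccessHandler,
                          AuthenticationFailureHandler customFailureHandler) {
        this.customSuccessHandler = customSuccessHandler;
        this.customFailureHandler = customFailureHandler;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // one-way hash, never decrypted
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF stays at its default (on): the login state lives in a cookie.
        http.authorizeRequests()
                .antMatchers(SESSION_EXPIRED).permitAll() // reachable without a session
                .antMatchers(PROTECTED).authenticated()   // one pattern per argument
                .and()
            .formLogin()
                .loginPage(INDEX_PAGE).permitAll()
                .successHandler(customSuccessHandler)
                .failureHandler(customFailureHandler)
                .and()
            .logout()
                .deleteCookies("JSESSIONID")
                .and()
            .sessionManagement()
                .invalidSessionUrl(SESSION_EXPIRED)
                .sessionFixation().migrateSession();
    }
}
```

With CSRF protection on, the login form at the index page has to submit the CSRF token, and logout has to be sent as a POST request.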
