spring-security-basic-config
tutorial, add a UserDetailsService
bean that configures an InMemoryUserDetailsManager
(technically this bean could exist in any @Configuration
class).ADMIN
user, and a standard USER
user. @Bean
public UserDetailsService userDetailsService() {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.
withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build());
manager.createUser(User.
withDefaultPasswordEncoder()
.username("admin")
.password("password")
.roles("ADMIN")
.build());
return manager;
}
dashboard
page so it is accessible to any authenticated user./admin/
path requires the ADMIN
role./user/
path requires either the USER
or ADMIN
role.@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.mvcMatchers("/dashboard").authenticated()
.mvcMatchers("/user/**").hasAnyRole("USER","ADMIN")
.mvcMatchers("/admin/**").hasRole("ADMIN")
.mvcMatchers("/styles/**").permitAll()
.mvcMatchers("/signup").permitAll()
.anyRequest().denyAll()
)
.formLogin(formLogin ->
formLogin
.permitAll()
).logout(logout ->
logout
.permitAll());
}