/**
 * Declares the HTTP security rules: which paths are public, which require an authority,
 * and how form login, logout and access-denied handling behave.
 *
 * <p>The URL rules are order-sensitive (the first matching rule decides), so the specific
 * paths must stay ahead of the {@code anyRequest()} catch-all.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception propagated from the underlying builder calls
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // Authorities are compared against the bare enum names, so the granted authority strings
    // must match them exactly.
    final String adminAuthority = Role.ADMIN.name();
    final String userAuthority = Role.USER.name();

    // NOTE(review): CSRF protection is switched off for the whole application, not only for
    // "/console/**". Every state-changing request (login, logout, form postbacks) then depends
    // on some other defence; confirm one exists, or scope the exemption to the console path.
    httpSecurity.csrf().disable();

    // NOTE(review): this stops the X-Frame-Options header from being sent on any response, so
    // unless another layer sets a framing policy the pages can be framed by other origins
    // (clickjacking exposure). If it is only needed for a frame-based console under
    // "/console/**", sameOrigin() would be the narrower setting - confirm.
    httpSecurity.headers().frameOptions().disable();

    httpSecurity
        .authorizeRequests()
        // NOTE(review): reachable without authentication. Presumably an embedded database or
        // admin console; confirm it is disabled or network-restricted outside development.
        .antMatchers("/console/**").permitAll()
        .antMatchers("/").permitAll()
        .antMatchers("/javax.faces.resource/**").permitAll()
        // Registration and login pages are for anonymous visitors only; a signed-in user is
        // denied and ends up on the access-denied page configured below.
        .antMatchers("/register.jsf", "/login.jsf").not().authenticated()
        .antMatchers("/roles.jsf").hasAuthority(adminAuthority)
        .antMatchers("/enter.jsf").hasAnyAuthority(adminAuthority, userAuthority)
        // Default-deny: everything not listed above needs a full (not remember-me) login.
        .anyRequest().fullyAuthenticated();

    httpSecurity
        .formLogin()
        .loginPage("/login.jsf")
        .failureUrl("/login.jsf?error=wrong")
        .defaultSuccessUrl("/index.jsf")
        .usernameParameter("username")
        .passwordParameter("password")
        // false: do not auto-grant access to the login URLs; the matcher rules above decide.
        .permitAll(false);

    httpSecurity
        .logout()
        .logoutUrl("/logout")
        .logoutSuccessUrl("/login.jsf")
        // Drop both the authentication and the server-side session on logout.
        .clearAuthentication(true)
        .invalidateHttpSession(true)
        .permitAll();

    httpSecurity
        .exceptionHandling()
        .accessDeniedPage("/index.jsf");
}
/**
 * Reports whether this object's role is {@code Role.ADMIN}.
 *
 * <p>The constant is the receiver of {@code equals}, so a {@code null} role yields
 * {@code false} instead of a {@code NullPointerException}.
 *
 * @return {@code true} when the role equals {@code Role.ADMIN}, otherwise {@code false}
 */
public boolean isAdmin() {
    // NOTE(review): a convenience check on in-memory state; access decisions should still be
    // enforced by the server-side authorization rules - confirm how callers use this.
    final boolean admin = Role.ADMIN.equals(role);
    return admin;
}