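/**
 * Configures URL authorization, form login, logout and access-denied handling.
 *
 * <p>Authorization rules are matched in declaration order, so the specific
 * matchers must stay above {@code anyRequest()}.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if one of the configurers fails
 */
@Override
  protected void configure(HttpSecurity httpSecurity) throws Exception {
    // NOTE(review): CSRF protection is switched off for the whole application, not
    // just for one path. Every state-changing request (login, registration, role
    // management) is then accepted without a token, and the logout endpoint also
    // answers non-POST requests. If this was only needed for the console, scope it
    // with csrf().ignoringAntMatchers("/console/**") once the JSF forms send the
    // token; kept as-is here because enabling it would reject the existing forms.
    httpSecurity.csrf().disable();

    // Keep X-Frame-Options, but allow same-origin framing. The original disabled the
    // header entirely, which removes clickjacking protection from every page.
    // Presumably it was disabled so a frame-based console under /console/** renders;
    // SAMEORIGIN is enough for that - confirm nothing relies on cross-origin framing.
    httpSecurity.headers().frameOptions().sameOrigin();

    httpSecurity
        .authorizeRequests()
        // NOTE(review): /console/** is reachable without authentication. If this is
        // a database or admin console it should be limited to development profiles
        // or to Role.ADMIN before the application is exposed on a network.
        .antMatchers("/console/**")
        .permitAll()
        .antMatchers("/")
        .permitAll()
        .antMatchers("/javax.faces.resource/**")
        .permitAll()
        // Registration and login pages are for anonymous users only.
        .antMatchers("/register.jsf", "/login.jsf")
        .not()
        .authenticated()
        .antMatchers("/roles.jsf")
        .hasAuthority(Role.ADMIN.name())
        .antMatchers("/enter.jsf")
        .hasAnyAuthority(Role.ADMIN.name(), Role.USER.name())
        // Default deny: anything not listed above needs a full (non remember-me) login.
        .anyRequest()
        .fullyAuthenticated()
        .and()
        .formLogin()
        .loginPage("/login.jsf")
        .failureUrl("/login.jsf?error=wrong")
        .defaultSuccessUrl("/index.jsf")
        .usernameParameter("username")
        .passwordParameter("password")
        // false: do not auto-permit the login URLs; the matcher rules above decide.
        .permitAll(false)
        .and()
        .logout()
        .logoutUrl("/logout")
        .logoutSuccessUrl("/login.jsf")
        .clearAuthentication(true)
        .invalidateHttpSession(true)
        .permitAll()
        .and()
        .exceptionHandling()
        // Denied requests are sent to the index page rather than an error page.
        .accessDeniedPage("/index.jsf");
  }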
Exemple #2
 /**
  * Reports whether this object's {@code role} is the administrator role.
  *
  * <p>The constant is the receiver of {@code equals}, so a {@code null} role
  * gives {@code false} instead of a {@code NullPointerException}.
  *
  * @return {@code true} if {@code role} equals {@code Role.ADMIN}
  */
 public boolean isAdmin() {
   final boolean holdsAdminRole = Role.ADMIN.equals(role);
   return holdsAdminRole;
 }