Configure Spring MVC and set view controllers and templates.
/**
* App Configuration
*
* WebMvcConfigurer is used to configure view controllers
* that return HTML pages.
*
* AddViewControllers() method is used to register view controllers
* that map specific URLs to view names.
*
* In general, using @GetMapping annotations in your controller
* is the more common and flexible approach, but defining view controllers
* can be a useful tool in certain situations.
*/package com.minte9.security_auth;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@ConfigurationpublicclassMvcConfigimplementsWebMvcConfigurer{
publicvoidaddViewControllers(ViewControllerRegistry registry){
registry.addViewController("/index").setViewName("index");
registry.addViewController("/user").setViewName("user");
}
}
Autorize
Configure security config, allowing access to index
/**
* Auth Security Configuration
*
* If you add Spring Security to your classpath (pom.xml),
* by default all endpoints will be secured.
*
* You can configure Spring Security to permit access to the index page
* while requiring authentication for the RESTful API endpoints.
*/package com.minte9.security_auth;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
@Configuration@EnableWebSecuritypublicclassSecurityConfigextendsWebSecurityConfigurerAdapter{
@Overrideprotectedvoidconfigure(HttpSecurity http)throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/index").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic();
}
}
Store Password
Avoid storing raw password, bcrypt it with and Spring CLI.
spring encodepassword mypass
# {bcrypt}$2a$10$2wRXv3x28CiFAq966H93PeAvaRHKMF.ItkMC.CsPBdYTZ2xLO2sLy