@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/","/login","/resources/*","/favicon.ico").permitAll()
.antMatchers("/user/**").access("hasRole('ROLE_USER')")
.antMatchers("/admin/**").access("hasRole('ROLE_ADMIN') or hasRole('ROLE_SUPER_ADMIN')")
.and()
.formLogin()
.loginProcessingUrl("/login")
.loginPage("/login")
.successHandler(authenticationSuccessHandler)
.failureUrl("/login?error=true")
.and()
.logout().logoutUrl("/logout").logoutSuccessUrl("/login")
.and().csrf().disable();
}
public class CustomUserDetails implements UserDetails@Override
public boolean isAccountNonLocked() {
return true;
}
Простой
Средний
Простой
Простой
Простой