ApressJavaCode
diff --git a/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/AppInitializer.java‎
Lines changed: 11 additions & 0 deletions b/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/AppInitializer.java‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/controller/AccessDeniedController.java‎
Lines changed: 15 additions & 0 deletions b/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/controller/AccessDeniedController.java‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/controller/CustomErrorController.java‎
Lines changed: 15 additions & 0 deletions b/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/controller/CustomErrorController.java‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/controller/HomeController.java‎
Lines changed: 15 additions & 0 deletions b/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/controller/HomeController.java‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/controller/SecuredResourceController.java‎
Lines changed: 15 additions & 0 deletions b/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/controller/SecuredResourceController.java‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/security/CustomAccessDeniedHandler.java‎
Lines changed: 17 additions & 0 deletions b/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/security/CustomAccessDeniedHandler.java‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/security/CustomAuthenticationFailureHandler.java‎
Lines changed: 17 additions & 0 deletions b/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/security/CustomAuthenticationFailureHandler.java‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/security/CustomAuthenticationSuccessHandler.java‎
Lines changed: 31 additions & 0 deletions b/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/security/CustomAuthenticationSuccessHandler.java‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/security/SecurityConfig.java‎
Lines changed: 98 additions & 0 deletions b/‎spring-security-modules/spring-security-core/src/main/java/com/baeldung/exceptionhandler/security/SecurityConfig.java‎
Lines changed: 98 additions & 0 deletions
diff --git a/‎spring-security-modules/spring-security-core/src/main/resources/application.properties‎
Lines changed: 1 addition & 0 deletions b/‎spring-security-modules/spring-security-core/src/main/resources/application.properties‎
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1,11 @@
+package com.baeldung.exceptionhandler;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class AppInitializer {
+    public static void main(String[] args) {
+        SpringApplication.run(AppInitializer.class, args);
+    }
+}
@@ -0,0 +1,15 @@
+package com.baeldung.exceptionhandler.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping("/access-denied")
+public class AccessDeniedController {
+
+    @GetMapping
+    public String accessDenied() {
+        return "/denied.html";
+    }
+}
@@ -0,0 +1,15 @@
+package com.baeldung.exceptionhandler.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping
+public class CustomErrorController {
+
+    @GetMapping("/customError")
+    public String customErrorController() {
+        return "/error";
+    }
+}
@@ -0,0 +1,15 @@
+package com.baeldung.exceptionhandler.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping("/home")
+public class HomeController {
+
+    @GetMapping
+    public String home() {
+        return "/index.html";
+    }
+}
@@ -0,0 +1,15 @@
+package com.baeldung.exceptionhandler.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping("/secured")
+public class SecuredResourceController {
+
+    @GetMapping
+    public String secureResource() {
+        return "/admin.html";
+    }
+}
@@ -0,0 +1,17 @@
+package com.baeldung.exceptionhandler.security;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+
+public class CustomAccessDeniedHandler implements AccessDeniedHandler {
+
+    @Override
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exc) throws IOException {
+        response.sendRedirect("/access-denied");
+    }
+}
@@ -0,0 +1,17 @@
+package com.baeldung.exceptionhandler.security;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+
+public class CustomAuthenticationFailureHandler implements AuthenticationFailureHandler {
+
+    @Override
+    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException {
+        httpServletResponse.sendRedirect("/customError");
+    }
+}
@@ -0,0 +1,31 @@
+package com.baeldung.exceptionhandler.security;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
+
+        HttpSession session = httpServletRequest.getSession();
+        User authUser = (User) SecurityContextHolder.getContext()
+            .getAuthentication()
+            .getPrincipal();
+        session.setAttribute("username", authUser.getUsername());
+        session.setAttribute("authorities", authentication.getAuthorities());
+
+        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
+
+        httpServletResponse.sendRedirect("/home");
+    }
+}
@@ -0,0 +1,98 @@
+package com.baeldung.exceptionhandler.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Bean
+    public UserDetailsService userDetailsService() {
+
+        UserDetails user = User.withUsername("user")
+            .passwordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder()::encode)
+            .password("password")
+            .roles("USER")
+            .build();
+
+        UserDetails admin = User.withUsername("admin")
+            .passwordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder()::encode)
+            .password("password")
+            .roles("ADMIN")
+            .build();
+
+        InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager();
+
+        userDetailsManager.createUser(user);
+        userDetailsManager.createUser(admin);
+
+        return userDetailsManager;
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication()
+            .withUser("user")
+            .password("{noop}password")
+            .roles("USER")
+            .and()
+            .withUser("admin")
+            .password("{noop}password")
+            .roles("ADMIN");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf()
+            .disable()
+            .httpBasic()
+            .disable()
+            .authorizeRequests()
+            .antMatchers("/login")
+            .permitAll()
+            .antMatchers("/customError")
+            .permitAll()
+            .antMatchers("/access-denied")
+            .permitAll()
+            .antMatchers("/secured")
+            .hasRole("ADMIN")
+            .anyRequest()
+            .authenticated()
+            .and()
+            .formLogin()
+            .failureHandler(authenticationFailureHandler())
+            .successHandler(authenticationSuccessHandler())
+            .and()
+            .exceptionHandling()
+            .accessDeniedHandler(accessDeniedHandler())
+            .and()
+            .logout();
+    }
+
+    @Bean
+    public AuthenticationFailureHandler authenticationFailureHandler() {
+        return new CustomAuthenticationFailureHandler();
+    }
+
+    @Bean
+    public AuthenticationSuccessHandler authenticationSuccessHandler() {
+        return new CustomAuthenticationSuccessHandler();
+    }
+
+    @Bean
+    public AccessDeniedHandler accessDeniedHandler() {
+        return new CustomAccessDeniedHandler();
+    }
+
+}
@@ -0,0 +1 @@
+spring.thymeleaf.prefix=classpath:/templates/
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+spring.thymeleaf.prefix=classpath:/templates/`