@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Bean
public PasswordEncoder passwordEncoder() {
System.out.println("Vao password encoder");
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception{
System.out.println("I am here");
http.cors().and().csrf().disable().authorizeRequests()
.antMatchers( "/register").permitAll()
.antMatchers("/").hasRole("MEMBER")
.antMatchers("/admin").hasRole("ADMIN")
.and()
.formLogin()
.loginPage("/login").permitAll()
.usernameParameter("email")
.passwordParameter("password")
.defaultSuccessUrl("/").permitAll()
.failureUrl("/login?error").permitAll()
.and()
.exceptionHandling()
.accessDeniedPage("/403");
// http.cors().and().csrf().disable();
// http.headers().frameOptions().disable();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
}
I can't override default login template