attacomsian · November 18, 2020 10:04 · Dec 29, 2016 · Dec 28, 2016 · Dec 28, 2016 · Dec 28, 2016
diff --git a/AjaxAwareAuthenticationEntryPoint.java b/AjaxAwareAuthenticationEntryPoint.java
@@ -55,4 +55,12 @@ protected void configure(HttpSecurity http) throws Exception {
                 .and().exceptionHandling().authenticationEntryPoint(new AjaxAwareAuthenticationEntryPoint("/login"));
     }
 }
+**/
+
+/**
+$(document).ajaxError(function (e, xhr, options) {
+        if (xhr.status == 403) {
+            window.location.href = 'login';
+        }
+    });
 **/
diff --git a/AjaxAwareAuthenticationEntryPoint.java b/AjaxAwareAuthenticationEntryPoint.java
@@ -14,6 +14,23 @@ public void commence(HttpServletRequest request, HttpServletResponse response, A
     }
 }
 
+
+/**
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    private UserDetailsService userDetailsService;
+
+    @Bean
+    public BCryptPasswordEncoder bCryptPasswordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
+    }
+
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
@@ -36,4 +53,6 @@ protected void configure(HttpSecurity http) throws Exception {
                     .logout().logoutSuccessUrl("/login").logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll()
                 .and().csrf()
                 .and().exceptionHandling().authenticationEntryPoint(new AjaxAwareAuthenticationEntryPoint("/login"));
-    }
+    }
+}
+**/
diff --git a/AjaxAwareAuthenticationEntryPoint.java b/AjaxAwareAuthenticationEntryPoint.java
@@ -13,3 +13,27 @@ public void commence(HttpServletRequest request, HttpServletResponse response, A
         }
     }
 }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+                    .headers()
+                    .frameOptions().sameOrigin()
+                .and()
+                    .authorizeRequests()
+                    .antMatchers("/**/create", "/**/recognition", "/**/delete*", "/**/uploadFile*").authenticated()
+                    .antMatchers("/**").permitAll()
+                .and()
+                    .formLogin()
+                    .loginPage("/login?auth")
+                    .loginProcessingUrl("/login")
+                    .failureUrl("/login?error")
+                    .defaultSuccessUrl("/")
+                    .usernameParameter("userName")
+                    .passwordParameter("password")
+                    .permitAll()
+                .and()
+                    .logout().logoutSuccessUrl("/login").logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll()
+                .and().csrf()
+                .and().exceptionHandling().authenticationEntryPoint(new AjaxAwareAuthenticationEntryPoint("/login"));
+    }
diff --git a/AjaxAwareAuthenticationEntryPoint.java b/AjaxAwareAuthenticationEntryPoint.java
@@ -0,0 +1,15 @@
+public class AjaxAwareAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {
+    public AjaxAwareAuthenticationEntryPoint(String loginFormUrl) {
+        super(loginFormUrl);
+    }
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
+        String ajaxHeader = ((HttpServletRequest) request).getHeader("X-Requested-With");
+        if ("XMLHttpRequest".equals(ajaxHeader)) {
+            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Ajax Request Denied (Session Expired)");
+        } else {
+            super.commence(request, response, authException);
+        }
+    }
+}