eugenp · eugenp · Feb 24, 2015 · Feb 24, 2015
diff --git a/...-security-login-and-registration/src/main/java/org/baeldung/spring/SecSecurityConfig.java b/...-security-login-and-registration/src/main/java/org/baeldung/spring/SecSecurityConfig.java
@@ -4,24 +4,78 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.ImportResource;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 
 @Configuration
 @ComponentScan(basePackages = { "org.baeldung.security" })
-@ImportResource({ "classpath:webSecurityConfig.xml" })
-public class SecSecurityConfig {
+@EnableWebSecurity
+public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired
     private UserDetailsService userDetailsService;
 
+    @Autowired
+    private AuthenticationSuccessHandler myAuthenticationSuccessHandler;
+
     public SecSecurityConfig() {
         super();
     }
 
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.authenticationProvider(authProvider());
+    }
+
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web.ignoring().antMatchers("/resources/**");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        // @formatter:off
+        http
+            .csrf().disable()
+            .authorizeRequests()
+                .antMatchers("/j_spring_security_check*","/login*", "/logout*", "/signin/**", "/signup/**",
+                        "/user/registration*", "/regitrationConfirm*", "/expiredAccount*", "/registration*", 
+                        "/badUser*", "/user/resendRegistrationToken*" ,"/forgetPassword*", "/user/resetPassword*", 
+                        "/user/changePassword*", "/emailError*", "/resources/**").permitAll()
+                .antMatchers("/invalidSession*").anonymous()
+                .anyRequest().authenticated()
+                .and()
+            .formLogin()
+                .loginPage("/login.html")
+                .loginProcessingUrl("/j_spring_security_check")
+                .defaultSuccessUrl("/homepage.html")
+                .failureUrl("/login.html?error=true")
+                .successHandler(myAuthenticationSuccessHandler)
+                .usernameParameter("j_username")
+                .passwordParameter("j_password")
+            .permitAll()
+                .and()
+            .sessionManagement()
+                .invalidSessionUrl("/invalidSession.html")
+                .sessionFixation().none()
+            .and()
+            .logout()
+                .invalidateHttpSession(false)
+                .logoutUrl("/j_spring_security_logout")
+                .logoutSuccessUrl("/logout.html?logSucc=true")
+                .deleteCookies("JSESSIONID")
+                .permitAll();
+     // @formatter:on
+    }
+
     // beans
 
     @Bean

diff --git a/spring-security-login-and-registration/src/main/webapp/WEB-INF/view/forgetPassword.jsp b/spring-security-login-and-registration/src/main/webapp/WEB-INF/view/forgetPassword.jsp
@@ -26,7 +26,7 @@
 <td><input id="email" name="email" type="email" value="" /></td>
 </tr>
 
-<button type="submit" onclick="resetPass()">
+<button class="btn btn-primary" type="submit" onclick="resetPass()">
 <spring:message code="message.resetPassword"></spring:message>
 </button>
 </div>

diff --git a/spring-security-login-and-registration/src/main/webapp/WEB-INF/view/login.jsp b/spring-security-login-and-registration/src/main/webapp/WEB-INF/view/login.jsp
@@ -90,7 +90,7 @@ ${param.message}
 						<td><input type='password' name='j_password' /></td>
 					</tr>
 					<tr>
-						<td><input name="submit" type="submit"
+						<td><input class="btn btn-primary" name="submit" type="submit"
 							value=<spring:message code="label.form.submit"></spring:message> /></td>
 					</tr>
 				</table>

diff --git a/spring-security-login-and-registration/src/main/webapp/WEB-INF/view/registration.jsp b/spring-security-login-and-registration/src/main/webapp/WEB-INF/view/registration.jsp
@@ -43,7 +43,7 @@
 					<td><form:input path="matchingPassword" value="" type="password" /></td>
 					<form:errors cssClass="alert alert-error" element="div" />
 				</tr>
-				<button type="submit">
+				<button type="submit" class="btn btn-primary">
 					<spring:message code="label.form.submit"></spring:message>
 				</button>
 			</form:form>

diff --git a/spring-security-login-and-registration/src/main/webapp/WEB-INF/view/updatePassword.jsp b/spring-security-login-and-registration/src/main/webapp/WEB-INF/view/updatePassword.jsp
@@ -34,7 +34,7 @@
                     </td>
                 </tr>
                 <br><br>
-                <button type="submit" onclick="savePass()">
+                <button class="btn btn-primary" type="submit" onclick="savePass()">
                     <spring:message code="message.updatePassword"></spring:message>
                 </button>
             </div>