1@EnableWebSecurity
2@Configuration
3public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
4
5 @Value("${app.basicAuthUserName}")
6 private String basicAuthUserName;
7
8 @Value("${app.basicAuthPassword}")
9 private String basicAuthPassword;
10 // add endpoint you want to protect to this list
11 private String[] basicAuthEndpoints = {"/mytendpoint/path"};
12
13 @Override
14 protected void configure(HttpSecurity http) throws Exception {
15 http.csrf().disable();
16 http.authorizeRequests().antMatchers(basicAuthEndpoints).fullyAuthenticated()
17 .and().httpBasic().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
18
19 }
20
21 @Autowired
22 public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
23 auth.inMemoryAuthentication().withUser(basicAuthUserName)
24 .password("{noop}" + basicAuthPassword).roles("USER");
25 }
26
27}