import org.pac4j.core.config.Config; import org.pac4j.core.profile.CommonProfile; import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer; import org.pac4j.http.client.direct.DirectBasicAuthClient; import org.pac4j.http.client.indirect.FormClient; import org.pac4j.http.client.indirect.IndirectBasicAuthClient; import org.pac4j.springframework.security.authentication.ClientAuthenticationProvider; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration public class SecurityConfig { @Autowired private UserService userService; @Bean public Config securityConfig() { Config config = new Config(); DirectBasicAuthClient directBasicAuthClient = new DirectBasicAuthClient(new DemoDirectAuthenticator(userService)); FormClient formClient = new FormClient("/login", new DemoFormAuthenticator(userService)); config.getClients().add(directBasicAuthClient); config.getClients().add(formClient); config.setAuthorizationGenerator((context, profiles) -> { profiles.forEach(profile -> profile.addRole("user")); return true; }); RequireAnyRoleAuthorizer requireAnyRoleAuthorizer = new RequireAnyRoleAuthorizer("admin"); config.addAuthorizer("admin", requireAnyRoleAuthorizer); ClientAuthenticationProvider authenticationProvider = new ClientAuthenticationProvider(); authenticationProvider.setClients(directBasicAuthClient, formClient); config.setClientAuthenticationProvider(authenticationProvider); return config; } }