Hi guys, in this lesson we will customize web security configuration. To do it. First of all, let's create a new package under our main package. Our package name VOB config. Under config package, we will create web security config class. To customize our security configuration, we will extend web security configure adapter in our class web security config, we'll have configuration and enable web security annotations With this configuration we will override configure methods.

In configure methods, we will use cross origin resource sharing because we will work with different ports. And we will authorize all the guests. If there is any match with these items like resources, error, and service permits all often. These means these items can be reached by everybody without authentication. You can think authentication as logging operation. For example, we can reach everything start with resources path.

You can ask me why we define error. We defined error bad because when you get errors on siblings But like not found error separate, we'll redirect to error path. So we should define error. But the other question can be why we permit user operations. User operations are like, login and register. So these paths should be reachable and public for everybody and authenticate all remaining URLs.

Log out, we look to user hours by invalidating the HTTP session, and logos pads VOB service logout and login paths will be service login and enable the basic authentication disable cross site request forgery. cross site request forgery is an important attic. So we will talk about later. That's all about configures methods. Our second methods will be defining user details service. You know that in previous lesson we customized user need a service.

So we will define In security configuration class to do it, we will override configure method. This configure method is for overriding the default authentication manager wielder. We can specify how the user details are kept in the application. It may be in a database LDAP or in memory. First of all, let's call user details service with sibling auto wired annotation. Then we can override authentication manager builders configure method our authentication user service, we The user details serves.

In security configuration, we can also define password encoder. sibling Caz B crypt passport encoder. And with this encoder, you can produce unique encrypted password for each time. After describing passport and Caribbean, we should define it in our authentication manager be a little configure method like a pending password encoder method. Okay, that's all about spring security configuration. As final theme, this class is a configuration class so we can define new bean or we can customise other sibling configurations.

We should define a lowering origins for cross origin resource sharing, so we can define it here also, we can do it with using that mec configuration class. Let's create a method like course configures. In this method, we will override add course mappings methods. We will ello all origins for testing and this matter will be a separate being You know, spring beam is creating new instances and default instances are Singleton. So this will be created one time and we can reach it through our application. Okay, that's all thank you.