source: phonelux-backend/src/main/java/finki/it/phoneluxbackend/security/configs/WebSecurityConfig.java

Last change on this file was 47f4eaf, checked in by Marko <Marko@…>, 20 months ago

Final features implemented

1package finki.it.phoneluxbackend.security.configs;
2
3import finki.it.phoneluxbackend.security.CustomAuthenticationFilter;
4import finki.it.phoneluxbackend.security.CustomAuthorizationFilter;
5import finki.it.phoneluxbackend.services.UserService;
6import lombok.AllArgsConstructor;
7import org.springframework.beans.factory.annotation.Autowired;
8import org.springframework.context.annotation.Bean;
9import org.springframework.context.annotation.Configuration;
10import org.springframework.security.authentication.AuthenticationManager;
11import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
12import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
13import org.springframework.security.config.annotation.web.builders.HttpSecurity;
14import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
15import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
16import org.springframework.security.config.http.SessionCreationPolicy;
17import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
18import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
19
/**
 * Spring Security configuration for the backend: stateless sessions, URL prefixes gated by
 * granted authority, and two custom filters wired into the filter chain.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated as of Spring Security 5.7
 * in favour of a {@code SecurityFilterChain} bean; plan the migration before upgrading.
 */
@Configuration
@AllArgsConstructor
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Both collaborators arrive through the Lombok-generated all-args constructor.
    private final UserService userService;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;

    /**
     * Builds the HTTP security rules: CSRF off, no server-side session, per-prefix authority
     * checks, then the custom authentication and authorization filters.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception if any configurer or {@link #authenticationManagerBean()} fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is switched off. That is only sound when the credential travels in a
        // request header rather than in a cookie the browser attaches on its own.
        // NOTE(review): confirm how CustomAuthorizationFilter reads the token.
        http.csrf().disable()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Matchers are checked in declaration order and the first match decides.
        // hasAnyAuthority compares the authority string as written (no "ROLE_" prefix is added);
        // presumably UserService's UserDetails expose exactly these names -- verify.
        http.authorizeRequests()
                .antMatchers("/user/**").hasAnyAuthority("USER", "ADMIN", "SUPERADMIN")
                .antMatchers("/management/**").hasAnyAuthority("SUPERADMIN")
                .antMatchers("/admin/**").hasAnyAuthority("ADMIN", "SUPERADMIN")
                .antMatchers("/offerreport/**").hasAnyAuthority("USER", "ADMIN", "SUPERADMIN")
                .antMatchers("/scrapperinfo/**").hasAnyAuthority("SUPERADMIN")
                // Default-allow: every path not listed above is reachable without authentication,
                // so a new controller is public until a matcher is added here. An explicit
                // allow-list of public paths ending in authenticated() or denyAll() fails closed.
                .anyRequest().permitAll();

        // addFilter positions a filter by its class, so CustomAuthenticationFilter presumably
        // extends a standard Spring Security filter -- confirm against its declaration.
        http.addFilter(new CustomAuthenticationFilter(authenticationManagerBean()));
        // The authorization filter is placed ahead of UsernamePasswordAuthenticationFilter.
        http.addFilterBefore(
                new CustomAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Registers the DAO-backed provider as the authentication mechanism.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(daoAuthenticationProvider());
    }

    /**
     * Exposes the adapter's {@link AuthenticationManager} as a bean; this class also passes it
     * to {@code CustomAuthenticationFilter}.
     *
     * @return the authentication manager built by the parent adapter
     * @throws Exception propagated from the parent implementation
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Creates a provider that loads users through {@code userService} and verifies passwords
     * with the injected BCrypt encoder. The method is not a {@code @Bean}, so every call returns
     * a new instance.
     *
     * @return a freshly configured {@link DaoAuthenticationProvider}
     */
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setPasswordEncoder(bCryptPasswordEncoder);
        authProvider.setUserDetailsService(userService);
        return authProvider;
    }
}