- Timestamp:
- 09/17/22 01:23:47 (2 years ago)
- Branches:
- master
- Children:
- 7e88e46
- Parents:
- e5b84dc
- Location:
- phonelux-backend/src/main/java/finki/it/phoneluxbackend/security
- Files:
-
- 2 edited
phonelux-backend/src/main/java/finki/it/phoneluxbackend/security/CustomAuthenticationFilter.java
re5b84dc r775e15e 50 50 .withClaim("role", user.getAuthorities().stream() 51 51 .map(GrantedAuthority::getAuthority).collect(Collectors.toList())) 52 .withClaim("name", user.getFirstName()) 53 .withClaim("id", user.getId()) 52 54 .sign(algorithm); 53 55 54 // String refresh_token = JWT.create()55 // .withSubject(user.getEmail())56 // .withExpiresAt(new Date(System.currentTimeMillis() + 30 * 60 * 1000))57 // .withIssuer(request.getRequestURL().toString())58 // .withClaim("role",user.getAuthorities().stream()59 // .map(GrantedAuthority::getAuthority).collect(Collectors.toList()))60 // .sign(algorithm);61 56 62 63 Map<String,String> tokens = new HashMap<>(); 64 tokens.put("access_token",access_token); 65 // tokens.put("refresh_token",refresh_token); 57 Map<String,String> authInfo = new HashMap<>(); 58 authInfo.put("access_token",access_token); 66 59 response.setContentType(APPLICATION_JSON_VALUE); 67 new ObjectMapper().writeValue(response.getOutputStream(), tokens);60 new ObjectMapper().writeValue(response.getOutputStream(),authInfo); 68 61 } 69 62 } -
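Review bot: The two claims added at new lines 52-53 put the user's first name and internal id into the access token, and a token produced by `.sign(algorithm)` is integrity-protected but not encrypted, so anyone who obtains it (browser storage, proxy or application logs) can read both values. Keep the payload to what the client and the authorization filter need, and note that these values, like the `role` claim, stay frozen until the token expires even if the account changes. If the claims stay, document the constraint above them, e.g. `// JWT payload is readable by the bearer: non-sensitive fields only, never credentials or contact data`. The enclosing method starts above the hunk, so the token lifetime and the signing key setup are not visible here.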
phonelux-backend/src/main/java/finki/it/phoneluxbackend/security/configs/WebSecurityConfig.java
re5b84dc r775e15e 29 29 @Override 30 30 protected void configure(HttpSecurity http) throws Exception { 31 // http 32 // .csrf().disable() 33 // .authorizeRequests() 34 // .antMatchers("/registration/**") 35 // .permitAll() 36 // .anyRequest() 37 // .authenticated().and() 38 // .formLogin(); 31 39 32 40 33 http.csrf().disable(); 41 34 http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); 42 // http.authorizeRequests().antMatchers(GET,"/phones").hasAnyAuthority("USER"); 43 http.authorizeRequests().anyRequest().permitAll(); 35 36 http.authorizeRequests() 37 .and() 38 .authorizeRequests() 39 .antMatchers("/user/**") 40 .hasAnyAuthority("USER","ADMIN", "SUPERADMIN") 41 .and() 42 .authorizeRequests() 43 .antMatchers("/management/**") 44 .hasAnyAuthority("SUPERADMIN") 45 .anyRequest().permitAll(); 46 47 48 44 49 http.addFilter(new CustomAuthenticationFilter(authenticationManagerBean())); 45 50 http.addFilterBefore(new CustomAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
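Review bot: The rule chain still ends in `.anyRequest().permitAll()` (new line 45), so every route outside `/user/**` and `/management/**` is public, including any controller added later that nobody lists here. Invert the default by naming the public routes and closing the rest: `.antMatchers(<public paths>).permitAll()` followed by `.anyRequest().authenticated();`, where `<public paths>` is a placeholder for whichever endpoints are meant to be reachable without a token. The repeated `.and().authorizeRequests()` links add nothing and can be dropped so the matcher order is easier to audit. `ADMIN` gets exactly the same access as `USER` in these rules, which may be intended but deserves a comment. configure() begins above the hunk and continues past it.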