source: trip-planner/src/main/java/finki/diplomska/tripplanner/security/SecurityConfig.java

Last change on this file was 571e0df, checked in by Ema <ema_spirova@…>, 3 years ago

final presentation

  • Property mode set to 100644
File size: 3.7 KB
Line 
1package finki.diplomska.tripplanner.security;
2
3
4import finki.diplomska.tripplanner.service.impl.CustomUserDetailsServiceImpl;
5import org.springframework.beans.factory.annotation.Autowired;
6import org.springframework.context.annotation.Bean;
7import org.springframework.context.annotation.Configuration;
8import org.springframework.security.authentication.AuthenticationManager;
9import org.springframework.security.config.BeanIds;
10import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
11import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
12import org.springframework.security.config.annotation.web.builders.HttpSecurity;
13import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
14import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
15import org.springframework.security.config.http.SessionCreationPolicy;
16import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
17import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
18
19import static finki.diplomska.tripplanner.security.SecurityConstants.MARIADB_URL;
20import static finki.diplomska.tripplanner.security.SecurityConstants.SIGN_UP_URLS;
21
22@Configuration
23@EnableWebSecurity
24@EnableGlobalMethodSecurity(
25 securedEnabled = true,
26 jsr250Enabled = true,
27 prePostEnabled = true
28)
29public class SecurityConfig extends WebSecurityConfigurerAdapter {
30
31 @Autowired
32 private JwtAuthenticationEntryPoint unauthorizedHandler;
33
34 @Autowired
35 private CustomUserDetailsServiceImpl customUserDetailsService;
36
37 @Bean
38 public JwtAuthenticationFilter jwtAuthenticationFilter() {return new JwtAuthenticationFilter();}
39
40
41 @Autowired
42 private BCryptPasswordEncoder bCryptPasswordEncoder;
43
44 @Override
45 protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
46 authenticationManagerBuilder.userDetailsService(customUserDetailsService).passwordEncoder(bCryptPasswordEncoder);
47 }
48
49 @Override
50 @Bean(BeanIds.AUTHENTICATION_MANAGER)
51 protected AuthenticationManager authenticationManager() throws Exception {
52 return super.authenticationManager();
53 }
54
55 @Override
56 protected void configure(HttpSecurity http) throws Exception {
57 http.cors().and().csrf().disable()
58 .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
59 .sessionManagement()
60 .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
61 .and()
62 .headers().frameOptions().sameOrigin() //To enable H2 Database
63 .and()
64 .authorizeRequests()
65 .antMatchers(
66 "/",
67 "/favicon.ico",
68 "/**/*.png",
69 "/**/*.gif",
70 "/**/*.svg",
71 "/**/*.jpg",
72 "/**/*.html",
73 "/**/*.css",
74 "/**/*.js"
75 ).permitAll()
76 .antMatchers(SIGN_UP_URLS).permitAll()
77 .antMatchers(MARIADB_URL).permitAll()
78 .antMatchers("/api/weekend").permitAll()
79 .antMatchers("/api/villages").permitAll()
80 .antMatchers("/api/cities").permitAll()
81 .antMatchers("/api/all").permitAll()
82 .antMatchers("/api/places").permitAll()
83 .anyRequest().authenticated();
84 http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
85
86 }
87}
Note: See TracBrowser for help on using the repository browser.