Last change
on this file since 1ad8e64 was 1ad8e64, checked in by Ema <ema_spirova@…>, 3 years ago |
spring security
|
-
Property mode
set to
100644
|
File size:
1.9 KB
|
Line | |
---|
1 | package finki.diplomska.tripplanner.security;
|
---|
2 |
|
---|
3 |
|
---|
4 | import org.springframework.beans.factory.annotation.Autowired;
|
---|
5 | import org.springframework.context.annotation.Configuration;
|
---|
6 | import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
---|
7 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
---|
8 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
---|
9 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
---|
10 | import org.springframework.security.config.http.SessionCreationPolicy;
|
---|
11 |
|
---|
12 | @Configuration
|
---|
13 | @EnableWebSecurity
|
---|
14 | @EnableGlobalMethodSecurity(
|
---|
15 | securedEnabled = true,
|
---|
16 | jsr250Enabled = true,
|
---|
17 | prePostEnabled = true
|
---|
18 | )
|
---|
19 | public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
---|
20 |
|
---|
21 | @Autowired
|
---|
22 | private JwtAuthenticationEntryPoint unauthorizedHandler;
|
---|
23 |
|
---|
24 | @Override
|
---|
25 | protected void configure(HttpSecurity http) throws Exception {
|
---|
26 | http.cors().and().csrf().disable()
|
---|
27 | .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
|
---|
28 | .sessionManagement()
|
---|
29 | .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
---|
30 | .and()
|
---|
31 | .headers().frameOptions().sameOrigin() //To enable H2 Database
|
---|
32 | .and()
|
---|
33 | .authorizeRequests()
|
---|
34 | .antMatchers(
|
---|
35 | "/",
|
---|
36 | "/favicon.ico",
|
---|
37 | "/**/*.png",
|
---|
38 | "/**/*.gif",
|
---|
39 | "/**/*.svg",
|
---|
40 | "/**/*.jpg",
|
---|
41 | "/**/*.html",
|
---|
42 | "/**/*.css",
|
---|
43 | "/**/*.js"
|
---|
44 | ).permitAll()
|
---|
45 | .antMatchers("/api/users/**").permitAll()
|
---|
46 | .anyRequest().authenticated();
|
---|
47 | }
|
---|
48 | } |
---|
Note:
See
TracBrowser
for help on using the repository browser.