| 1 | package com.example.rezevirajmasa.demo.config;
|
|---|
| 2 |
|
|---|
| 3 | import com.example.rezevirajmasa.demo.model.exceptions.CustomerAuthenticationEntryPoint;
|
|---|
| 4 | import com.example.rezevirajmasa.demo.web.filters.JwtAuthFilter;
|
|---|
| 5 | import org.springframework.context.annotation.Bean;
|
|---|
| 6 | import org.springframework.context.annotation.Configuration;
|
|---|
| 7 | import org.springframework.http.HttpMethod;
|
|---|
| 8 | import org.springframework.security.authentication.AuthenticationManager;
|
|---|
| 9 | import org.springframework.security.config.Customizer;
|
|---|
| 10 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|---|
| 11 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|---|
| 12 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|---|
| 13 | import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
|---|
| 14 | import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
|---|
| 15 | import org.springframework.security.config.http.SessionCreationPolicy;
|
|---|
| 16 | import org.springframework.security.core.userdetails.UserDetailsService;
|
|---|
| 17 | import org.springframework.security.web.SecurityFilterChain;
|
|---|
| 18 | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
|---|
| 19 | import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
|---|
| 20 | import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|---|
| 21 | import org.springframework.web.cors.CorsConfiguration;
|
|---|
| 22 | import org.springframework.web.servlet.config.annotation.CorsRegistry;
|
|---|
| 23 | import org.springframework.context.annotation.Bean;
|
|---|
| 24 | import org.springframework.context.annotation.Configuration;
|
|---|
| 25 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|---|
| 26 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|---|
| 27 | import org.springframework.security.web.SecurityFilterChain;
|
|---|
| 28 | import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
|---|
| 29 |
|
|---|
| 30 | import java.util.List;
|
|---|
| 31 |
|
|---|
| 32 | @Configuration
|
|---|
| 33 | @EnableWebSecurity
|
|---|
| 34 | public class SecurityConfig implements WebMvcConfigurer {
|
|---|
| 35 | private final UserDetailsService userDetailsService;
|
|---|
| 36 | private final CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint;
|
|---|
| 37 | private final UserAuthProvider userAuthProvider;
|
|---|
| 38 |
|
|---|
| 39 | public SecurityConfig(UserDetailsService userDetailsService, CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint, UserAuthProvider userAuthProvider) {
|
|---|
| 40 | this.userDetailsService = userDetailsService;
|
|---|
| 41 | this.customerAuthenticationEntryPoint = customerAuthenticationEntryPoint;
|
|---|
| 42 | this.userAuthProvider = userAuthProvider;
|
|---|
| 43 | }
|
|---|
| 44 |
|
|---|
| 45 | @Bean
|
|---|
| 46 | public WebSecurityCustomizer webSecurityCustomizer() {
|
|---|
| 47 | return (web) -> web.ignoring().anyRequest();
|
|---|
| 48 | }
|
|---|
| 49 |
|
|---|
| 50 | @Override
|
|---|
| 51 | public void addCorsMappings(CorsRegistry registry) {
|
|---|
| 52 | registry.addMapping("/**")
|
|---|
| 53 | .allowedOrigins("http://localhost:3000")
|
|---|
| 54 | .allowedMethods("GET", "POST", "PUT", "DELETE")
|
|---|
| 55 | .allowedHeaders("*")
|
|---|
| 56 | .allowCredentials(true)
|
|---|
| 57 | .maxAge(3600L);
|
|---|
| 58 | }
|
|---|
| 59 |
|
|---|
| 60 | @Bean
|
|---|
| 61 | public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|---|
| 62 | http
|
|---|
| 63 | .csrf(AbstractHttpConfigurer::disable)
|
|---|
| 64 | .authorizeHttpRequests(auth -> auth
|
|---|
| 65 | .requestMatchers("/api/auth/**").permitAll()
|
|---|
| 66 | .requestMatchers("/api/user/**", "/api/cuisineTypes", "/api/restaurants").authenticated()
|
|---|
| 67 | )
|
|---|
| 68 | .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
|---|
| 69 |
|
|---|
| 70 | return http.build();
|
|---|
| 71 | }
|
|---|
| 72 |
|
|---|
| 73 | @Bean
|
|---|
| 74 | public AuthenticationManager authManager(HttpSecurity http) throws Exception {
|
|---|
| 75 | AuthenticationManagerBuilder authenticationManagerBuilder =
|
|---|
| 76 | http.getSharedObject(AuthenticationManagerBuilder.class);
|
|---|
| 77 | authenticationManagerBuilder.userDetailsService(userDetailsService);
|
|---|
| 78 | return authenticationManagerBuilder.build();
|
|---|
| 79 | }
|
|---|
| 80 | }
|
|---|
| 81 | //
|
|---|
| 82 | //import com.example.rezevirajmasa.demo.web.filters.JwtAuthFilter;
|
|---|
| 83 | //import org.springframework.context.annotation.Bean;
|
|---|
| 84 | //import org.springframework.context.annotation.Configuration;
|
|---|
| 85 | //import org.springframework.security.authentication.AuthenticationManager;
|
|---|
| 86 | //import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|---|
| 87 | //import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|---|
| 88 | //import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|---|
| 89 | //import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
|---|
| 90 | //import org.springframework.security.config.http.SessionCreationPolicy;
|
|---|
| 91 | //import org.springframework.security.core.userdetails.UserDetailsService;
|
|---|
| 92 | //import org.springframework.security.web.SecurityFilterChain;
|
|---|
| 93 | //import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
|---|
| 94 | //
|
|---|
| 95 | //@Configuration
|
|---|
| 96 | //@EnableWebSecurity
|
|---|
| 97 | //public class SecurityConfig {
|
|---|
| 98 | //
|
|---|
| 99 | // private final UserDetailsService userDetailsService;
|
|---|
| 100 | //// private final UserAuthProvider userAuthProvider;
|
|---|
| 101 | // private final JwtAuthFilter jwtAuthFilter;
|
|---|
| 102 | //
|
|---|
| 103 | // public SecurityConfig(UserDetailsService userDetailsService) {
|
|---|
| 104 | // this.userDetailsService = userDetailsService;
|
|---|
| 105 | //// this.userAuthProvider = userAuthProvider;
|
|---|
| 106 | // this.jwtAuthFilter = new JwtAuthFilter(userAuthProvider);
|
|---|
| 107 | // }
|
|---|
| 108 | //
|
|---|
| 109 | // @Bean
|
|---|
| 110 | // public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|---|
| 111 | // http
|
|---|
| 112 | // .csrf(AbstractHttpConfigurer::disable)
|
|---|
| 113 | // .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
|---|
| 114 | // .authorizeHttpRequests((requests) -> requests
|
|---|
| 115 | // .requestMatchers("/api/login", "/api/register").permitAll()
|
|---|
| 116 | // .anyRequest().authenticated())
|
|---|
| 117 | // .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
|
|---|
| 118 | //
|
|---|
| 119 | // return http.build();
|
|---|
| 120 | // }
|
|---|
| 121 | //
|
|---|
| 122 | // @Bean
|
|---|
| 123 | // public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
|
|---|
| 124 | // AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
|
|---|
| 125 | // authenticationManagerBuilder.userDetailsService(userDetailsService);
|
|---|
| 126 | // return authenticationManagerBuilder.build();
|
|---|
| 127 | // }
|
|---|
| 128 | //}
|
|---|
