package com.example.rezevirajmasa.demo.config; import com.example.rezevirajmasa.demo.model.exceptions.CustomerAuthenticationEntryPoint; import com.example.rezevirajmasa.demo.web.filters.JwtAuthFilter; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.SecurityFilterChain; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import java.util.List; 
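/**
 * Spring Security and CORS configuration for the REST API.
 *
 * <p>The API is stateless: no HTTP session is created for the security context, so every
 * request has to carry its own credentials. Routes under {@code /api/auth/**} are public and
 * every other route requires an authenticated caller.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig implements WebMvcConfigurer {

    private final UserDetailsService userDetailsService;

    // NOTE(review): injected but not wired into the filter chain. Presumably intended for
    // exceptionHandling(e -> e.authenticationEntryPoint(...)); confirm that it implements
    // AuthenticationEntryPoint before registering it.
    private final CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint;

    private final UserAuthProvider userAuthProvider;

    /**
     * Creates the configuration from its collaborators.
     *
     * @param userDetailsService               loads accounts for the {@link AuthenticationManager}
     * @param customerAuthenticationEntryPoint entry point bean, currently only stored
     * @param userAuthProvider                 token provider handed to the {@link JwtAuthFilter}
     */
    public SecurityConfig(UserDetailsService userDetailsService,
                          CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint,
                          UserAuthProvider userAuthProvider) {
        this.userDetailsService = userDetailsService;
        this.customerAuthenticationEntryPoint = customerAuthenticationEntryPoint;
        this.userAuthProvider = userAuthProvider;
    }

    /**
     * Returns a customizer that excludes nothing from Spring Security.
     *
     * <p>This bean previously returned {@code web.ignoring().anyRequest()}, which removes every
     * request from the security filter chain. With that in place none of the rules in
     * {@link #securityFilterChain(HttpSecurity)} were evaluated and every endpoint, including
     * the ones marked {@code authenticated()}, was reachable without credentials. Public routes
     * belong in the filter chain as {@code permitAll()} rules rather than in an ignore list,
     * because ignored requests also lose the security response headers.
     *
     * @return a no-op {@link WebSecurityCustomizer}
     */
    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return web -> { };
    }

    /**
     * Registers the CORS policy for all paths.
     *
     * <p>Credentials are allowed, so the origin list must stay an explicit allow-list; a
     * wildcard origin must never be combined with {@code allowCredentials(true)}.
     * NOTE(review): the single origin is a local development address; confirm how it is
     * supplied for deployed environments.
     *
     * @param registry the MVC CORS registry to add the mapping to
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins("http://localhost:3000")
                .allowedMethods("GET", "POST", "PUT", "DELETE")
                .allowedHeaders("*")
                .allowCredentials(true)
                .maxAge(3600L);
    }

    /**
     * Builds the security filter chain for the API.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                // Let the security chain answer CORS preflight requests using the MVC mappings
                // from addCorsMappings (assuming no separate CorsConfigurationSource bean);
                // otherwise preflight requests, which carry no credentials, are rejected.
                .cors(Customizer.withDefaults())
                // CSRF protection is off because the API is stateless. That is only safe while
                // the credential is sent in a request header and never in a cookie.
                // NOTE(review): addCorsMappings allows credentials; confirm no cookie-based
                // authentication is in use.
                .csrf(AbstractHttpConfigurer::disable)
                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                // Without an authentication filter no request can ever satisfy authenticated().
                // Constructed the same way as in the earlier revision kept below.
                // NOTE(review): confirm JwtAuthFilter still takes a UserAuthProvider.
                .addFilterBefore(new JwtAuthFilter(userAuthProvider), UsernamePasswordAuthenticationFilter.class)
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/api/auth/**").permitAll()
                        .requestMatchers("/api/user/**", "/api/cuisineTypes", "/api/restaurants").authenticated()
                        // Explicit catch-all so that no route is left without a rule.
                        .anyRequest().authenticated());
        return http.build();
    }

    /**
     * Exposes an {@link AuthenticationManager} backed by the injected {@link UserDetailsService}.
     *
     * <p>NOTE(review): no password encoder is set on the builder here; confirm that stored
     * passwords are hashed with an adaptive algorithm and that a matching encoder is in effect.
     *
     * @param http the builder whose shared {@link AuthenticationManagerBuilder} is used
     * @return the built authentication manager
     * @throws Exception if the manager cannot be built
     */
    @Bean
    public AuthenticationManager authManager(HttpSecurity http) throws Exception {
        AuthenticationManagerBuilder authenticationManagerBuilder =
                http.getSharedObject(AuthenticationManagerBuilder.class);
        authenticationManagerBuilder.userDetailsService(userDetailsService);
        return authenticationManagerBuilder.build();
    }
}

// Earlier revision of this class, kept commented out by the author.
//
//import com.example.rezevirajmasa.demo.web.filters.JwtAuthFilter;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
//import org.springframework.security.config.http.SessionCreationPolicy;
//import org.springframework.security.core.userdetails.UserDetailsService;
//import org.springframework.security.web.SecurityFilterChain;
//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
//
//@Configuration
//@EnableWebSecurity
//public class SecurityConfig {
//
//    private final UserDetailsService userDetailsService;
////    private final UserAuthProvider userAuthProvider;
//    private final JwtAuthFilter jwtAuthFilter;
//
//    public SecurityConfig(UserDetailsService userDetailsService) {
//        this.userDetailsService = userDetailsService;
////        this.userAuthProvider = userAuthProvider;
//        this.jwtAuthFilter = new JwtAuthFilter(userAuthProvider);
//    }
//
//    @Bean
//    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
//        http
//                .csrf(AbstractHttpConfigurer::disable)
//                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
//                .authorizeHttpRequests((requests) -> requests
//                        .requestMatchers("/api/login", "/api/register").permitAll()
//                        .anyRequest().authenticated())
//                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
//
//        return http.build();
//    }
//
//    @Bean
//    public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
//        AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
//        authenticationManagerBuilder.userDetailsService(userDetailsService);
//        return authenticationManagerBuilder.build();
//    }
//}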