| 1 | package com.example.rezevirajmasa.demo.config;
|
|---|
| 2 |
|
|---|
| 3 | import org.springframework.context.annotation.Bean;
|
|---|
| 4 | import org.springframework.context.annotation.Configuration;
|
|---|
| 5 | import org.springframework.security.authentication.AuthenticationManager;
|
|---|
| 6 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|---|
| 7 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|---|
| 8 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|---|
| 9 | import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
|---|
| 10 | import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
|---|
| 11 | import org.springframework.security.core.userdetails.UserDetailsService;
|
|---|
| 12 | import org.springframework.security.web.SecurityFilterChain;
|
|---|
| 13 | import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|---|
| 14 | import org.springframework.web.servlet.config.annotation.CorsRegistry;
|
|---|
| 15 | import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
|---|
| 16 |
|
|---|
| 17 |
|
|---|
| 18 | @Configuration
|
|---|
| 19 | @EnableWebSecurity
|
|---|
| 20 | public class SecurityConfig implements WebMvcConfigurer {
|
|---|
| 21 | private final UserDetailsService userDetailsService;
|
|---|
| 22 |
|
|---|
| 23 | public SecurityConfig(UserDetailsService userDetailsService) {
|
|---|
| 24 | this.userDetailsService = userDetailsService;
|
|---|
| 25 | }
|
|---|
| 26 |
|
|---|
| 27 | @Bean
|
|---|
| 28 | public WebSecurityCustomizer webSecurityCustomizer() {
|
|---|
| 29 | return (web) -> web.ignoring().anyRequest();
|
|---|
| 30 | }
|
|---|
| 31 |
|
|---|
| 32 | @Override
|
|---|
| 33 | public void addCorsMappings(CorsRegistry registry) {
|
|---|
| 34 | registry.addMapping("/**")
|
|---|
| 35 | .allowedOrigins("http://localhost:3000") // Allow requests from this origin
|
|---|
| 36 | .allowedMethods("GET", "POST", "PUT", "DELETE") // Allow these HTTP methods
|
|---|
| 37 | .allowedHeaders("*"); // Allow all headers
|
|---|
| 38 | }
|
|---|
| 39 |
|
|---|
| 40 | @Bean
|
|---|
| 41 | public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|---|
| 42 |
|
|---|
| 43 | http
|
|---|
| 44 | .csrf(AbstractHttpConfigurer::disable)
|
|---|
| 45 | .authorizeHttpRequests( (requests) -> requests
|
|---|
| 46 | .requestMatchers(AntPathRequestMatcher.antMatcher("/"), AntPathRequestMatcher.antMatcher("/restaurants"))
|
|---|
| 47 | .permitAll()
|
|---|
| 48 | .anyRequest()
|
|---|
| 49 | .hasAnyRole("ADMIN", "USER")
|
|---|
| 50 | )
|
|---|
| 51 | .formLogin((form) -> form
|
|---|
| 52 | .permitAll()
|
|---|
| 53 | .failureUrl("/login?error=BadCredentials")
|
|---|
| 54 | .defaultSuccessUrl("/restaurants", true)
|
|---|
| 55 | )
|
|---|
| 56 | .logout((logout) -> logout
|
|---|
| 57 | .logoutUrl("/logout")
|
|---|
| 58 | .clearAuthentication(true)
|
|---|
| 59 | .invalidateHttpSession(true)
|
|---|
| 60 | .deleteCookies("JSESSIONID")
|
|---|
| 61 | .logoutSuccessUrl("/")
|
|---|
| 62 | );
|
|---|
| 63 |
|
|---|
| 64 | return http.build();
|
|---|
| 65 | }
|
|---|
| 66 |
|
|---|
| 67 | @Bean
|
|---|
| 68 | public AuthenticationManager authManager(HttpSecurity http) throws Exception {
|
|---|
| 69 | AuthenticationManagerBuilder authenticationManagerBuilder =
|
|---|
| 70 | http.getSharedObject(AuthenticationManagerBuilder.class);
|
|---|
| 71 | authenticationManagerBuilder.userDetailsService(userDetailsService);
|
|---|
| 72 | return authenticationManagerBuilder.build();
|
|---|
| 73 | }
|
|---|
| 74 | } |
|---|
