| 1 | package com.example.rezevirajmasa.demo.config;
|
|---|
| 2 |
|
|---|
| 3 | import com.example.rezevirajmasa.demo.model.exceptions.CustomerAuthenticationEntryPoint;
|
|---|
| 4 | import com.example.rezevirajmasa.demo.web.filters.JwtAuthFilter;
|
|---|
| 5 | import org.springframework.context.annotation.Bean;
|
|---|
| 6 | import org.springframework.context.annotation.Configuration;
|
|---|
| 7 | import org.springframework.http.HttpMethod;
|
|---|
| 8 | import org.springframework.security.authentication.AuthenticationManager;
|
|---|
| 9 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|---|
| 10 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|---|
| 11 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|---|
| 12 | import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
|---|
| 13 | import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
|---|
| 14 | import org.springframework.security.config.http.SessionCreationPolicy;
|
|---|
| 15 | import org.springframework.security.core.userdetails.UserDetailsService;
|
|---|
| 16 | import org.springframework.security.web.SecurityFilterChain;
|
|---|
| 17 | import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
|---|
| 18 | import org.springframework.web.servlet.config.annotation.CorsRegistry;
|
|---|
| 19 | import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
|---|
| 20 |
|
|---|
| 21 | @Configuration
|
|---|
| 22 | @EnableWebSecurity
|
|---|
| 23 | public class SecurityConfig implements WebMvcConfigurer {
|
|---|
| 24 | private final UserDetailsService userDetailsService;
|
|---|
| 25 | private final CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint;
|
|---|
| 26 | private final UserAuthProvider userAuthProvider;
|
|---|
| 27 |
|
|---|
| 28 | public SecurityConfig(UserDetailsService userDetailsService, CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint, UserAuthProvider userAuthProvider) {
|
|---|
| 29 | this.userDetailsService = userDetailsService;
|
|---|
| 30 | this.customerAuthenticationEntryPoint = customerAuthenticationEntryPoint;
|
|---|
| 31 | this.userAuthProvider = userAuthProvider;
|
|---|
| 32 | }
|
|---|
| 33 |
|
|---|
| 34 | @Bean
|
|---|
| 35 | public WebSecurityCustomizer webSecurityCustomizer() {
|
|---|
| 36 | return (web) -> web.ignoring().anyRequest();
|
|---|
| 37 | }
|
|---|
| 38 |
|
|---|
| 39 | @Override
|
|---|
| 40 | public void addCorsMappings(CorsRegistry registry) {
|
|---|
| 41 | registry.addMapping("/**")
|
|---|
| 42 | .allowCredentials(true)
|
|---|
| 43 | .allowedOrigins("http://localhost:3000") // Allow requests from this origin
|
|---|
| 44 | .allowedMethods("GET", "POST", "PUT", "DELETE") // Allow these HTTP methods
|
|---|
| 45 | .allowedHeaders("*")
|
|---|
| 46 | .maxAge(3600L); // Allow all headers
|
|---|
| 47 | }
|
|---|
| 48 |
|
|---|
| 49 | // @Bean
|
|---|
| 50 | // public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|---|
| 51 | //
|
|---|
| 52 | // http
|
|---|
| 53 | // .csrf(AbstractHttpConfigurer::disable)
|
|---|
| 54 | // .authorizeHttpRequests( (requests) -> requests
|
|---|
| 55 | // .requestMatchers(AntPathRequestMatcher.antMatcher("/"), AntPathRequestMatcher.antMatcher("/restaurants"))
|
|---|
| 56 | // .permitAll()
|
|---|
| 57 | // .anyRequest()
|
|---|
| 58 | // .hasAnyRole("ADMIN", "USER")
|
|---|
| 59 | // )
|
|---|
| 60 | // .formLogin((form) -> form
|
|---|
| 61 | // .permitAll()
|
|---|
| 62 | // .failureUrl("/login?error=BadCredentials")
|
|---|
| 63 | // .defaultSuccessUrl("/restaurants", true)
|
|---|
| 64 | // )
|
|---|
| 65 | // .logout((logout) -> logout
|
|---|
| 66 | // .logoutUrl("/logout")
|
|---|
| 67 | // .clearAuthentication(true)
|
|---|
| 68 | // .invalidateHttpSession(true)
|
|---|
| 69 | // .deleteCookies("JSESSIONID")
|
|---|
| 70 | // .logoutSuccessUrl("/")
|
|---|
| 71 | // );
|
|---|
| 72 | //
|
|---|
| 73 | // return http.build();
|
|---|
| 74 | // }
|
|---|
| 75 |
|
|---|
| 76 | @Bean
|
|---|
| 77 | public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|---|
| 78 | http
|
|---|
| 79 | .exceptionHandling((exception) -> exception.authenticationEntryPoint(customerAuthenticationEntryPoint))
|
|---|
| 80 | .addFilterBefore(new JwtAuthFilter(userAuthProvider), BasicAuthenticationFilter.class)
|
|---|
| 81 | .csrf(AbstractHttpConfigurer::disable)
|
|---|
| 82 | .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
|---|
| 83 | .authorizeHttpRequests((requests) -> requests
|
|---|
| 84 | .requestMatchers(HttpMethod.POST, "/api/login", "/api/register").permitAll()
|
|---|
| 85 | .anyRequest().authenticated()
|
|---|
| 86 | );
|
|---|
| 87 | return http.build();
|
|---|
| 88 | }
|
|---|
| 89 | @Bean
|
|---|
| 90 | public AuthenticationManager authManager(HttpSecurity http) throws Exception {
|
|---|
| 91 | AuthenticationManagerBuilder authenticationManagerBuilder =
|
|---|
| 92 | http.getSharedObject(AuthenticationManagerBuilder.class);
|
|---|
| 93 | authenticationManagerBuilder.userDetailsService(userDetailsService);
|
|---|
| 94 | return authenticationManagerBuilder.build();
|
|---|
| 95 | }
|
|---|
| 96 | } |
|---|
