source: src/main/java/com/example/rezevirajmasa/demo/config/SecurityConfig.java@ 8ca35dc

main
Last change on this file since 8ca35dc was 8ca35dc, checked in by Aleksandar Panovski <apano77@…>, 4 months ago

Done with stupid timeslots
  • Property mode set to 100644
File size: 7.7 KB
Line 
1package com.example.rezevirajmasa.demo.config;
2
3import com.example.rezevirajmasa.demo.model.exceptions.CustomerAuthenticationEntryPoint;
4import com.example.rezevirajmasa.demo.web.filters.JwtAuthFilter;
5import org.springframework.context.annotation.Bean;
6import org.springframework.context.annotation.Configuration;
7import org.springframework.http.HttpMethod;
8import org.springframework.security.authentication.AuthenticationManager;
9import org.springframework.security.config.Customizer;
10import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
11import org.springframework.security.config.annotation.web.builders.HttpSecurity;
12import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
13import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
14import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
15import org.springframework.security.config.http.SessionCreationPolicy;
16import org.springframework.security.core.userdetails.UserDetailsService;
17import org.springframework.security.web.SecurityFilterChain;
18import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
19import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
20import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
21import org.springframework.web.servlet.config.annotation.CorsRegistry;
22import org.springframework.context.annotation.Bean;
23import org.springframework.context.annotation.Configuration;
24import org.springframework.security.config.annotation.web.builders.HttpSecurity;
25import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
26import org.springframework.security.web.SecurityFilterChain;
27import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
28
29@Configuration
30@EnableWebSecurity
31public class SecurityConfig implements WebMvcConfigurer {
32 private final UserDetailsService userDetailsService;
33 private final CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint;
34 private final UserAuthProvider userAuthProvider;
35
36 public SecurityConfig(UserDetailsService userDetailsService, CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint, UserAuthProvider userAuthProvider) {
37 this.userDetailsService = userDetailsService;
38 this.customerAuthenticationEntryPoint = customerAuthenticationEntryPoint;
39 this.userAuthProvider = userAuthProvider;
40 }
41
42 @Bean
43 public WebSecurityCustomizer webSecurityCustomizer() {
44 return (web) -> web.ignoring().anyRequest();
45 }
46
47 @Override
48 public void addCorsMappings(CorsRegistry registry) {
49 registry.addMapping("/**")
50 .allowedOrigins("http://localhost:3000")
51 .allowedMethods("GET", "POST", "PUT", "DELETE")
52 .allowedHeaders("*")
53 .allowCredentials(true)
54 .maxAge(3600L);
55 }
56
57// @Bean
58// public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
59// http
60// .exceptionHandling(exception -> exception.authenticationEntryPoint(customerAuthenticationEntryPoint))
61// .addFilterBefore(new JwtAuthFilter(userAuthProvider), BasicAuthenticationFilter.class)
62// .csrf(AbstractHttpConfigurer::disable)
63// .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
64// .authorizeHttpRequests(requests -> requests
65// .requestMatchers(HttpMethod.POST, "/api/login", "/api/register").permitAll()
66// .requestMatchers("/", "/home").authenticated() // Restrict `/` to authenticated users
67// .anyRequest().authenticated()
68// )
69// .logout(logout -> logout
70// .logoutUrl("/logout")
71// .clearAuthentication(true)
72// .invalidateHttpSession(true)
73// .deleteCookies("JSESSIONID")
74// .logoutSuccessUrl("/api/login") // Redirect to login page after logout
75// );
76//
77// return http.build();
78// }
79
80 @Bean
81 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
82 http
83 .exceptionHandling((exception) -> exception.authenticationEntryPoint(customerAuthenticationEntryPoint))
84 .addFilterBefore(new JwtAuthFilter(userAuthProvider), BasicAuthenticationFilter.class)
85 .csrf(AbstractHttpConfigurer::disable)
86 .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
87 .authorizeHttpRequests((requests) -> requests
88 .requestMatchers(HttpMethod.POST, "/api/login", "/api/register").permitAll()
89 .anyRequest().authenticated());
90 return http.build();
91 }
92
93 @Bean
94 public AuthenticationManager authManager(HttpSecurity http) throws Exception {
95 AuthenticationManagerBuilder authenticationManagerBuilder =
96 http.getSharedObject(AuthenticationManagerBuilder.class);
97 authenticationManagerBuilder.userDetailsService(userDetailsService);
98 return authenticationManagerBuilder.build();
99 }
100}
101//
102//import com.example.rezevirajmasa.demo.web.filters.JwtAuthFilter;
103//import org.springframework.context.annotation.Bean;
104//import org.springframework.context.annotation.Configuration;
105//import org.springframework.security.authentication.AuthenticationManager;
106//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
107//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
108//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
109//import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
110//import org.springframework.security.config.http.SessionCreationPolicy;
111//import org.springframework.security.core.userdetails.UserDetailsService;
112//import org.springframework.security.web.SecurityFilterChain;
113//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
114//
115//@Configuration
116//@EnableWebSecurity
117//public class SecurityConfig {
118//
119// private final UserDetailsService userDetailsService;
120//// private final UserAuthProvider userAuthProvider;
121// private final JwtAuthFilter jwtAuthFilter;
122//
123// public SecurityConfig(UserDetailsService userDetailsService) {
124// this.userDetailsService = userDetailsService;
125//// this.userAuthProvider = userAuthProvider;
126// this.jwtAuthFilter = new JwtAuthFilter(userAuthProvider);
127// }
128//
129// @Bean
130// public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
131// http
132// .csrf(AbstractHttpConfigurer::disable)
133// .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
134// .authorizeHttpRequests((requests) -> requests
135// .requestMatchers("/api/login", "/api/register").permitAll()
136// .anyRequest().authenticated())
137// .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
138//
139// return http.build();
140// }
141//
142// @Bean
143// public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
144// AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
145// authenticationManagerBuilder.userDetailsService(userDetailsService);
146// return authenticationManagerBuilder.build();
147// }
148//}
Note: See TracBrowser for help on using the repository browser.