Changeset 5a9c93b for src/main/java/com/example/rezevirajmasa/demo/config/SecurityConfig.java

Timestamp:

03/05/24 14:15:44 (15 months ago)

Author:

Aleksandar Panovski <apano77@…>

Branches:

main

Children:

db39d9e

Parents:

a2c6c2b

Message:

Authorization layer

File:

• src/main/java/com/example/rezevirajmasa/demo/config/SecurityConfig.java (modified) (4 diffs)

src/main/java/com/example/rezevirajmasa/demo/config/SecurityConfig.java

@@ -1 +1 @@
 package com.example.rezevirajmasa.demo.config;
 
+import com.example.rezevirajmasa.demo.model.exceptions.CustomerAuthenticationEntryPoint;
+import com.example.rezevirajmasa.demo.web.filters.JwtAuthFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -9 +12 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import org.springframework.web.filter.CorsFilter;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-
 
 @Configuration
@@ -23 +23 @@
 public class SecurityConfig implements WebMvcConfigurer {
     private final UserDetailsService userDetailsService;
+    private final CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint;
+    private final UserAuthProvider userAuthProvider;
 
-    public SecurityConfig(UserDetailsService userDetailsService) {
+    public SecurityConfig(UserDetailsService userDetailsService, CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint, UserAuthProvider userAuthProvider) {
         this.userDetailsService = userDetailsService;
+        this.customerAuthenticationEntryPoint = customerAuthenticationEntryPoint;
+        this.userAuthProvider = userAuthProvider;
     }
 
@@ -43 +47 @@
     }
 
+//    @Bean
+//    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception  {
+//
+//        http
+//                .csrf(AbstractHttpConfigurer::disable)
+//                .authorizeHttpRequests( (requests) -> requests
+//                        .requestMatchers(AntPathRequestMatcher.antMatcher("/"), AntPathRequestMatcher.antMatcher("/restaurants"))
+//                        .permitAll()
+//                        .anyRequest()
+//                        .hasAnyRole("ADMIN", "USER")
+//                )
+//                .formLogin((form) -> form
+//                        .permitAll()
+//                        .failureUrl("/login?error=BadCredentials")
+//                        .defaultSuccessUrl("/restaurants", true)
+//                )
+//                .logout((logout) -> logout
+//                        .logoutUrl("/logout")
+//                        .clearAuthentication(true)
+//                        .invalidateHttpSession(true)
+//                        .deleteCookies("JSESSIONID")
+//                        .logoutSuccessUrl("/")
+//                );
+//
+//        return http.build();
+//    }
+
     @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception  {
-
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
+                .exceptionHandling((exception) -> exception.authenticationEntryPoint(customerAuthenticationEntryPoint))
+                .addFilterBefore(new JwtAuthFilter(userAuthProvider), BasicAuthenticationFilter.class)
                 .csrf(AbstractHttpConfigurer::disable)
-                .authorizeHttpRequests( (requests) -> requests
-                        .requestMatchers(AntPathRequestMatcher.antMatcher("/"), AntPathRequestMatcher.antMatcher("/restaurants"))
-                        .permitAll()
-                        .anyRequest()
-                        .hasAnyRole("ADMIN", "USER")
-                )
-                .formLogin((form) -> form
-                        .permitAll()
-                        .failureUrl("/login?error=BadCredentials")
-                        .defaultSuccessUrl("/restaurants", true)
-                )
-                .logout((logout) -> logout
-                        .logoutUrl("/logout")
-                        .clearAuthentication(true)
-                        .invalidateHttpSession(true)
-                        .deleteCookies("JSESSIONID")
-                        .logoutSuccessUrl("/")
+                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests((requests) -> requests
+                        .requestMatchers(HttpMethod.POST, "/api/login", "/api/register").permitAll()
+                        .anyRequest().authenticated()
                 );
-
         return http.build();
     }
-
     @Bean
     public AuthenticationManager authManager(HttpSecurity http) throws Exception {