| [cf9cdbf] | 1 | package edu.gjoko.schedlr.config;
|
|---|
| 2 |
|
|---|
| [401a211] | 3 | import edu.gjoko.schedlr.services.PostgresUserDetailsService;
|
|---|
| [8bcd64c] | 4 | import lombok.AllArgsConstructor;
|
|---|
| [cf9cdbf] | 5 | import org.springframework.context.annotation.Bean;
|
|---|
| 6 | import org.springframework.context.annotation.Configuration;
|
|---|
| [401a211] | 7 | import org.springframework.security.authentication.AuthenticationManager;
|
|---|
| 8 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|---|
| [cf9cdbf] | 9 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|---|
| [401a211] | 10 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|---|
| 11 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|---|
| [cf9cdbf] | 12 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|---|
| [8bcd64c] | 13 | import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
|---|
| [401a211] | 14 | import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
|---|
| [950fa0d] | 15 | import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
|
|---|
| 16 | import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
|
|---|
| [cf9cdbf] | 17 | import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
|---|
| [950fa0d] | 18 | import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
|
|---|
| 19 |
|
|---|
| 20 | import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.*;
|
|---|
| [cf9cdbf] | 21 |
|
|---|
| 22 | @Configuration
|
|---|
| [401a211] | 23 | @EnableWebSecurity
|
|---|
| [8bcd64c] | 24 | @AllArgsConstructor
|
|---|
| [401a211] | 25 | public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
|
|---|
| 26 |
|
|---|
| [950fa0d] | 27 | private static final ClearSiteDataHeaderWriter.Directive[] SOURCE =
|
|---|
| 28 | {CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS};
|
|---|
| 29 |
|
|---|
| [401a211] | 30 | private final PostgresUserDetailsService userDetailsService;
|
|---|
| 31 |
|
|---|
| 32 | private final BCryptPasswordEncoder passwordEncoder;
|
|---|
| 33 |
|
|---|
| 34 | private final AuthenticationSuccessHandler authenticationSuccessHandler;
|
|---|
| 35 |
|
|---|
| [8bcd64c] | 36 | private final AuthenticationFailureHandler authenticationFailureHandler;
|
|---|
| [cf9cdbf] | 37 |
|
|---|
| 38 | @Bean
|
|---|
| [401a211] | 39 | public AuthenticationManager customAuthenticationManager() throws Exception {
|
|---|
| 40 | return authenticationManager();
|
|---|
| 41 | }
|
|---|
| 42 |
|
|---|
| 43 | @Override
|
|---|
| 44 | protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
|---|
| 45 | auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
|
|---|
| 46 | }
|
|---|
| 47 |
|
|---|
| 48 | @Override
|
|---|
| 49 | protected void configure(HttpSecurity http) throws Exception {
|
|---|
| 50 | http.csrf()
|
|---|
| [cf9cdbf] | 51 | .disable()
|
|---|
| [a436340] | 52 | .httpBasic()
|
|---|
| 53 | .authenticationEntryPoint(new AppAuthenticationEntryPoint())
|
|---|
| 54 | .and()
|
|---|
| [8bcd64c] | 55 | .addFilterAfter(new AppFilter(userDetailsService), BasicAuthenticationFilter.class)
|
|---|
| [a436340] | 56 | .formLogin()
|
|---|
| 57 | .loginPage("/login")
|
|---|
| 58 | .loginProcessingUrl("/login")
|
|---|
| 59 | .successHandler(authenticationSuccessHandler)
|
|---|
| [8bcd64c] | 60 | .failureHandler(authenticationFailureHandler)
|
|---|
| [a436340] | 61 | .defaultSuccessUrl("/homepage")
|
|---|
| 62 | .and()
|
|---|
| [950fa0d] | 63 | .logout(logout -> logout
|
|---|
| 64 | .logoutUrl("/logout")
|
|---|
| 65 | .logoutSuccessUrl("/login")
|
|---|
| 66 | .addLogoutHandler(new SecurityContextLogoutHandler())
|
|---|
| 67 | .addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE))))
|
|---|
| [401a211] | 68 | .authorizeRequests()
|
|---|
| [763289e] | 69 | .antMatchers("/login").permitAll()
|
|---|
| [950fa0d] | 70 | .antMatchers("/logout").permitAll()
|
|---|
| [204464d] | 71 | .antMatchers("/register_customer").permitAll()
|
|---|
| 72 | .antMatchers("/register_business").permitAll()
|
|---|
| [a436340] | 73 | .antMatchers("/api/nomenclatures/*").permitAll()
|
|---|
| [950fa0d] | 74 | .antMatchers("/api/user/me").permitAll()
|
|---|
| [46fd0c7] | 75 | .antMatchers("/api/business").permitAll()
|
|---|
| [950fa0d] | 76 | .antMatchers("/api/appointment").permitAll()
|
|---|
| [763289e] | 77 | .antMatchers("/homepage").permitAll()
|
|---|
| [401a211] | 78 | .antMatchers("/css/**").permitAll()
|
|---|
| [044bd76] | 79 | .antMatchers("/js/**").permitAll()
|
|---|
| [401a211] | 80 | .antMatchers("/anonymous*").anonymous()
|
|---|
| 81 | .anyRequest()
|
|---|
| [a436340] | 82 | .fullyAuthenticated();
|
|---|
| [cf9cdbf] | 83 | }
|
|---|
| 84 | }
|
|---|
