source: backend/src/main/java/com/finki/icare/config/SecurityConfig.java@ 700e2f9

main
Last change on this file since 700e2f9 was 700e2f9, checked in by 186079 <matej.milevski@…>, 5 days ago

Init
  • Property mode set to 100644
File size: 1.8 KB
Line 
1package com.finki.icare.config;
2
3import lombok.RequiredArgsConstructor;
4import org.springframework.context.annotation.Bean;
5import org.springframework.context.annotation.Configuration;
6import org.springframework.security.config.annotation.web.builders.HttpSecurity;
7import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
8import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
9import org.springframework.security.config.http.SessionCreationPolicy;
10import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
11import org.springframework.security.crypto.password.PasswordEncoder;
12import org.springframework.security.web.SecurityFilterChain;
13import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
14
15@Configuration
16@EnableWebSecurity
17@RequiredArgsConstructor
18public class SecurityConfig {
19
20 private final JwtAuthenticationFilter jwtAuthenticationFilter;
21
22 @Bean
23 public PasswordEncoder passwordEncoder() {
24 return new BCryptPasswordEncoder();
25 }
26
27 @Bean
28 public SecurityFilterChain securityFilterChain(HttpSecurity http) {
29 http
30 .csrf(AbstractHttpConfigurer::disable)
31 .cors(cors -> cors.configure(http))
32 .authorizeHttpRequests(auth -> auth
33 .requestMatchers("/api/auth/**")
34 .permitAll()
35 .requestMatchers("/api/blogs/**")
36 .authenticated()
37 .anyRequest()
38 .authenticated()
39 )
40 .sessionManagement(session -> session
41 .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
42 )
43 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
44
45 return http.build();
46 }
47}
Note: See TracBrowser for help on using the repository browser.