source: jobvista-backend/src/main/java/mk/ukim/finki/predmeti/internettehnologii/jobvistabackend/config/SecurityConfiguration.java

main
Last change on this file was 08f82ec, checked in by 223021 <daniel.ilievski.2@…>, 9 days ago

Did more refactoring

1package mk.ukim.finki.predmeti.internettehnologii.jobvistabackend.config;
2
3import lombok.RequiredArgsConstructor;
4import mk.ukim.finki.predmeti.internettehnologii.jobvistabackend.models.enumerations.Role;
5import org.springframework.context.annotation.Bean;
6import org.springframework.context.annotation.Configuration;
7import org.springframework.security.authentication.AuthenticationManager;
8import org.springframework.security.authentication.AuthenticationProvider;
9import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
10import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
11import org.springframework.security.config.annotation.web.builders.HttpSecurity;
12import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
13import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
14import org.springframework.security.config.http.SessionCreationPolicy;
15import org.springframework.security.core.userdetails.UserDetailsService;
16import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
17import org.springframework.security.crypto.password.PasswordEncoder;
18import org.springframework.security.web.SecurityFilterChain;
19import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
20
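/**
 * Spring Security configuration for the JobVista backend: a stateless filter chain with
 * URL-based authorization rules, plus the authentication provider, password encoder and
 * authentication manager beans.
 *
 * <p>Authorization rules are evaluated in declaration order and the first matching rule
 * decides the request. Role-restricted routes must therefore be declared before the
 * broader {@code permitAll()} prefixes that also match them.
 */
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfiguration {

    private final JwtAuthFilter jwtAuthFilter;
    private final UserDetailsService userDetailsService;

    /**
     * Builds the HTTP security filter chain.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // CSRF protection is disabled together with STATELESS sessions. That is only safe
        // while credentials travel in a request header; if JwtAuthFilter ever accepts the
        // token from a cookie, CSRF protection has to be turned back on.
        // NOTE(review): JwtAuthFilter is not shown here - confirm how it reads the token.
        http.csrf(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(request -> request
                        // Specific, role-restricted routes come first. Previously the
                        // permitAll() prefixes below were declared ahead of them, so these
                        // rules were never reached and the routes were open to anonymous
                        // callers at the filter-chain level.
                        .requestMatchers("/api/admin/**")
                        .hasAuthority(Role.ROLE_ADMIN.name())
                        .requestMatchers(
                                "/api/recruiter/{id}/edit-info",
                                "/api/recruiter/submit-logo",
                                "/api/job-advertisements/add",
                                "/api/job-advertisements/edit/{id}",
                                "/api/job-advertisements/delete/{id}",
                                "/api/job-advertisements/{advertisement_id}/applications",
                                "/api/applications/{id}/update"
                        ).hasAuthority(Role.ROLE_RECRUITER.name())
                        // "/api/job-seeker/{id}/edit-info" used to require ROLE_RECRUITER,
                        // which looks like a copy-paste slip from the recruiter rule; a job
                        // seeker's own profile edit belongs with the job-seeker routes.
                        .requestMatchers(
                                "/api/job-seeker/{id}/edit-info",
                                "/api/job-seeker/submit-profile-pic",
                                "/api/applications/submit",
                                "/api/my-applications/{id}"
                        ).hasAuthority(Role.ROLE_JOBSEEKER.name())
                        // Everything else under these prefixes stays public, as before.
                        // These wildcards are broad: any new endpoint added under them is
                        // anonymous by default unless it gets its own rule above.
                        .requestMatchers(
                                "/api/auth/**",
                                "/api/job-advertisements/**",
                                "/api/applications/**",
                                "/api/recruiter/**",
                                "/api/job-seeker/**"
                        ).permitAll()
                        .anyRequest().authenticated())
                // No HTTP session is created or used; each request must authenticate itself.
                .sessionManagement(manager ->
                        manager.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authenticationProvider(authenticationProvider())
                // The JWT filter runs ahead of the username/password filter.
                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);

        // The rules above check the caller's role only. Whether the {id} in a path belongs
        // to the authenticated user is not enforced here and must be checked in the
        // controller or service layer (not visible in this file).
        return http.build();
    }

    /**
     * Creates the provider that authenticates credentials against the injected
     * {@link UserDetailsService}, comparing passwords with {@link #passwordEncoder()}.
     *
     * @return the DAO-backed authentication provider
     */
    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }

    /**
     * Supplies the password hashing scheme used for stored credentials.
     *
     * @return a BCrypt encoder with the library's default work factor
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Exposes the {@link AuthenticationManager} assembled by Spring so it can be injected
     * elsewhere in the application.
     *
     * @param config Spring's authentication configuration
     * @return the application's authentication manager
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration config)
            throws Exception {
        return config.getAuthenticationManager();
    }
}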