1 | package mk.ukim.finki.predmeti.internettehnologii.jobvistabackend.config;
|
---|
2 |
|
---|
3 | import lombok.RequiredArgsConstructor;
|
---|
4 | import mk.ukim.finki.predmeti.internettehnologii.jobvistabackend.models.enumerations.Role;
|
---|
5 | import org.springframework.context.annotation.Bean;
|
---|
6 | import org.springframework.context.annotation.Configuration;
|
---|
7 | import org.springframework.security.authentication.AuthenticationManager;
|
---|
8 | import org.springframework.security.authentication.AuthenticationProvider;
|
---|
9 | import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
---|
10 | import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
|
---|
11 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
---|
12 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
---|
13 | import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
---|
14 | import org.springframework.security.config.http.SessionCreationPolicy;
|
---|
15 | import org.springframework.security.core.userdetails.UserDetailsService;
|
---|
16 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
---|
17 | import org.springframework.security.crypto.password.PasswordEncoder;
|
---|
18 | import org.springframework.security.web.SecurityFilterChain;
|
---|
19 | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
---|
20 |
|
---|
21 | @Configuration
|
---|
22 | @EnableWebSecurity
|
---|
23 | @RequiredArgsConstructor
|
---|
24 | public class SecurityConfiguration {
|
---|
25 |
|
---|
26 | private final JwtAuthFilter jwtAuthFilter;
|
---|
27 | private final UserDetailsService userDetailsService;
|
---|
28 |
|
---|
29 | @Bean
|
---|
30 | public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
---|
31 | http.csrf(AbstractHttpConfigurer::disable)
|
---|
32 | .authorizeHttpRequests(request -> request
|
---|
33 | .requestMatchers(
|
---|
34 | "/api/auth/**",
|
---|
35 | "/api/job-advertisements/**",
|
---|
36 | "/api/applications/**",
|
---|
37 | "/api/recruiter/**",
|
---|
38 | "/api/job-seeker/**"
|
---|
39 | ).permitAll()
|
---|
40 | .requestMatchers("/api/admin/**").hasAnyAuthority(Role.ROLE_ADMIN.name())
|
---|
41 | .requestMatchers("/api/recruiter/{id}/edit-info").hasAnyAuthority(Role.ROLE_RECRUITER.name())
|
---|
42 | .requestMatchers("/api/recruiter/submit-logo").hasAnyAuthority(Role.ROLE_RECRUITER.name())
|
---|
43 | .requestMatchers("/api/job-seeker/{id}/edit-info").hasAnyAuthority(Role.ROLE_RECRUITER.name())
|
---|
44 | .requestMatchers("/api/job-seeker/submit-profile-pic").hasAnyAuthority(Role.ROLE_JOBSEEKER.name())
|
---|
45 | .requestMatchers("/api/job-advertisements/add").hasAnyAuthority(Role.ROLE_RECRUITER.name())
|
---|
46 | .requestMatchers("/api/job-advertisements/edit/{id}").hasAnyAuthority(Role.ROLE_RECRUITER.name())
|
---|
47 | .requestMatchers("/api/job-advertisements/delete/{id}").hasAnyAuthority(Role.ROLE_RECRUITER.name())
|
---|
48 | .requestMatchers("/api/applications/{id}/update").hasAnyAuthority(Role.ROLE_RECRUITER.name())
|
---|
49 | .requestMatchers("/api/job-advertisements/{advertisement_id}/applications").hasAnyAuthority(Role.ROLE_RECRUITER.name())
|
---|
50 | .requestMatchers("/api/applications/submit").hasAnyAuthority(Role.ROLE_JOBSEEKER.name())
|
---|
51 | .requestMatchers("/api/my-applications/{id}").hasAnyAuthority(Role.ROLE_JOBSEEKER.name())
|
---|
52 | .anyRequest().authenticated())
|
---|
53 | .sessionManagement(manager -> manager.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
---|
54 | .authenticationProvider(authenticationProvider()).addFilterBefore(
|
---|
55 | jwtAuthFilter, UsernamePasswordAuthenticationFilter.class
|
---|
56 | );
|
---|
57 | return http.build();
|
---|
58 | }
|
---|
59 |
|
---|
60 | @Bean
|
---|
61 | public AuthenticationProvider authenticationProvider() {
|
---|
62 | DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
|
---|
63 | authenticationProvider.setUserDetailsService(userDetailsService);
|
---|
64 | authenticationProvider.setPasswordEncoder(passwordEncoder());
|
---|
65 | return authenticationProvider;
|
---|
66 | }
|
---|
67 |
|
---|
68 | @Bean
|
---|
69 | public PasswordEncoder passwordEncoder() {
|
---|
70 | return new BCryptPasswordEncoder();
|
---|
71 | }
|
---|
72 |
|
---|
73 | @Bean
|
---|
74 | public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
|
---|
75 | return config.getAuthenticationManager();
|
---|
76 | }
|
---|
77 | }
|
---|