1 | package com.tourMate.config;
|
---|
2 |
|
---|
3 | import com.fasterxml.jackson.databind.ObjectMapper;
|
---|
4 | import jakarta.servlet.http.HttpServletResponse;
|
---|
5 | import org.springframework.context.annotation.Bean;
|
---|
6 | import org.springframework.context.annotation.Configuration;
|
---|
7 | import org.springframework.http.HttpHeaders;
|
---|
8 | import org.springframework.http.HttpMethod;
|
---|
9 | import org.springframework.http.HttpStatus;
|
---|
10 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
---|
11 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
---|
12 | import org.springframework.security.config.http.SessionCreationPolicy;
|
---|
13 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
---|
14 | import org.springframework.security.crypto.password.PasswordEncoder;
|
---|
15 | import org.springframework.security.web.SecurityFilterChain;
|
---|
16 | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
---|
17 | import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
|
---|
18 | import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
---|
19 | import org.springframework.web.cors.CorsConfiguration;
|
---|
20 | import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
---|
21 | import org.springframework.web.filter.CorsFilter;
|
---|
22 | import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
---|
23 | import java.util.Arrays;
|
---|
24 |
|
---|
25 | import static org.springframework.security.config.Customizer.withDefaults;
|
---|
26 |
|
---|
27 | @Configuration
|
---|
28 | @EnableWebSecurity
|
---|
29 | public class SecurityConfig {
|
---|
30 |
|
---|
31 | @Bean
|
---|
32 | public CorsConfiguration corsConfiguration() {
|
---|
33 | CorsConfiguration config = new CorsConfiguration();
|
---|
34 | config.setAllowCredentials(true);
|
---|
35 | config.addAllowedOrigin("http://localhost:3000");
|
---|
36 | config.addAllowedHeader("*");
|
---|
37 | config.setAllowedMethods(Arrays.asList(
|
---|
38 | HttpMethod.POST.name(),
|
---|
39 | HttpMethod.GET.name(),
|
---|
40 | HttpMethod.DELETE.name(),
|
---|
41 | HttpMethod.PUT.name()
|
---|
42 | ));
|
---|
43 | config.setMaxAge(3600L);
|
---|
44 | return config;
|
---|
45 | }
|
---|
46 |
|
---|
47 |
|
---|
48 | @Bean
|
---|
49 | public FilterRegistrationBean<CorsFilter> corsFilter() {
|
---|
50 | UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
---|
51 | source.registerCorsConfiguration("/**", corsConfiguration());
|
---|
52 | FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
|
---|
53 | bean.setOrder(-102);
|
---|
54 | return bean;
|
---|
55 | }
|
---|
56 | @Bean
|
---|
57 | public PasswordEncoder passwordEncoder() {
|
---|
58 | return new BCryptPasswordEncoder();
|
---|
59 | }
|
---|
60 |
|
---|
61 | @Bean
|
---|
62 | public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
---|
63 | http
|
---|
64 | .csrf().disable()
|
---|
65 | .authorizeHttpRequests((authz) -> {
|
---|
66 | try {
|
---|
67 | authz
|
---|
68 | .requestMatchers(new AntPathRequestMatcher("/1/hasBusiness")).permitAll()
|
---|
69 | .requestMatchers(new AntPathRequestMatcher("/business/1/unapproved")).permitAll()
|
---|
70 | .requestMatchers(new AntPathRequestMatcher("/register")).permitAll()
|
---|
71 | .requestMatchers(new AntPathRequestMatcher("/hotel/search")).permitAll()
|
---|
72 | .requestMatchers(new AntPathRequestMatcher("/transport/search")).permitAll()
|
---|
73 | .requestMatchers(new AntPathRequestMatcher("/business/*")).hasAnyAuthority("SUPERADMIN")
|
---|
74 | .anyRequest().authenticated()
|
---|
75 | .and()
|
---|
76 | .formLogin()
|
---|
77 | .loginProcessingUrl("/api/login").usernameParameter("username").passwordParameter("password")
|
---|
78 | .successHandler((request, response, authentication) -> {
|
---|
79 | response.setStatus(HttpServletResponse.SC_OK);
|
---|
80 | response.setCharacterEncoding("UTF-8");
|
---|
81 | response.setContentType("application/json");
|
---|
82 | response.getWriter().print("{\"message\": \"Login successful\",");
|
---|
83 | response.getWriter().print("\"auth\":" + new ObjectMapper().writeValueAsString(authentication) + "}");
|
---|
84 | response.getWriter().flush();
|
---|
85 | })
|
---|
86 | .failureHandler((request, response, exception) -> {
|
---|
87 | response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
---|
88 | response.sendRedirect("/login");
|
---|
89 | response.getWriter().print("Neuspesna najava\n" + exception.getMessage());
|
---|
90 | response.getWriter().flush();
|
---|
91 | })
|
---|
92 | .permitAll()
|
---|
93 | .and()
|
---|
94 | .sessionManagement()
|
---|
95 | .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
|
---|
96 | .and()
|
---|
97 | .logout().logoutSuccessHandler((new HttpStatusReturningLogoutSuccessHandler(HttpStatus.OK)))
|
---|
98 | .permitAll();
|
---|
99 |
|
---|
100 | } catch (Exception e) {
|
---|
101 | throw new RuntimeException(e);
|
---|
102 | }
|
---|
103 | }
|
---|
104 | ).httpBasic();
|
---|
105 | return http.build();
|
---|
106 | }
|
---|
107 | }
|
---|