69 lines
3.2 KiB
Java
69 lines
3.2 KiB
Java
package pl.edu.amu.wmi.bookapi.security;
|
|
|
|
import org.springframework.context.annotation.Bean;
|
|
import org.springframework.http.HttpMethod;
|
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
import org.springframework.web.cors.CorsConfiguration;
|
|
import org.springframework.web.cors.CorsConfigurationSource;
|
|
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
|
|
|
import static pl.edu.amu.wmi.bookapi.security.JWTAuthenticationFilter.LOG_IN_URL;
|
|
import static pl.edu.amu.wmi.bookapi.security.JWTAuthenticationFilter.SIGN_UP_URL;
|
|
|
|
@EnableWebSecurity
|
|
public class WebSecurity extends WebSecurityConfigurerAdapter {
|
|
private UserDetailsSecurityServiceImpl userDetailsService;
|
|
private BCryptPasswordEncoder bCryptPasswordEncoder;
|
|
|
|
public WebSecurity(UserDetailsSecurityServiceImpl userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
|
|
this.userDetailsService = userDetailsService;
|
|
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
|
|
}
|
|
|
|
@Override
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
http.csrf().disable()
|
|
.authorizeRequests()
|
|
// .antMatchers(HttpMethod.GET, "/api/books", "/api/messages/", "/api/messages/*", "/api/books/public").permitAll()
|
|
// .antMatchers(HttpMethod.DELETE, "/api/books/*").permitAll()
|
|
// .antMatchers(HttpMethod.PATCH, "/api/books/*").permitAll()
|
|
.antMatchers(HttpMethod.POST,
|
|
SIGN_UP_URL,
|
|
LOG_IN_URL,
|
|
"/api/books/image").permitAll()
|
|
.anyRequest().authenticated()
|
|
.and()
|
|
.addFilter(
|
|
this.getConfiguredJwtAuthenticationFilter()
|
|
)
|
|
.addFilter(
|
|
new JWTAuthorizationFilter(authenticationManager())
|
|
)
|
|
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
|
}
|
|
|
|
private JWTAuthenticationFilter getConfiguredJwtAuthenticationFilter() throws Exception{
|
|
System.out.println("JWT Auth");
|
|
JWTAuthenticationFilter jwtFilter = new JWTAuthenticationFilter(authenticationManager());
|
|
jwtFilter.setFilterProcessesUrl("/users/login");
|
|
|
|
return jwtFilter;
|
|
}
|
|
|
|
@Override
|
|
public void configure(AuthenticationManagerBuilder auth) throws Exception {
|
|
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
|
|
}
|
|
|
|
@Bean
|
|
CorsConfigurationSource corsConfigurationSource() {
|
|
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
|
source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
|
|
return source;
|
|
}
|
|
} |