55 lines
2.5 KiB
Java
55 lines
2.5 KiB
Java
package pl.edu.amu.wmi.bookapi.security;
|
|
|
|
import org.springframework.context.annotation.*;
|
|
import org.springframework.http.*;
|
|
import org.springframework.security.config.annotation.authentication.builders.*;
|
|
import org.springframework.security.config.annotation.web.builders.*;
|
|
import org.springframework.security.config.annotation.web.configuration.*;
|
|
import org.springframework.security.config.http.*;
|
|
import org.springframework.security.crypto.bcrypt.*;
|
|
import org.springframework.web.cors.*;
|
|
|
|
import static pl.edu.amu.wmi.bookapi.security.JWTAuthenticationFilter.*;
|
|
|
|
@EnableWebSecurity
|
|
public class WebSecurity extends WebSecurityConfigurerAdapter {
|
|
private UserDetailsSecurityServiceImpl userDetailsService;
|
|
private BCryptPasswordEncoder bCryptPasswordEncoder;
|
|
|
|
public WebSecurity(UserDetailsSecurityServiceImpl userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
|
|
this.userDetailsService = userDetailsService;
|
|
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
|
|
}
|
|
|
|
@Override
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
http.cors().and().csrf().disable()
|
|
.authorizeRequests()
|
|
.antMatchers(HttpMethod.GET, "/api/books", "/api/messages/", "/api/messages/*", "/api/books/public").permitAll()
|
|
.antMatchers(HttpMethod.DELETE, "/api/books/*").permitAll()
|
|
.antMatchers(HttpMethod.PATCH, "/api/books/*").permitAll()
|
|
.antMatchers(HttpMethod.POST,
|
|
SIGN_UP_URL,
|
|
"/api/books",
|
|
"/api/books/image",
|
|
"/api/messages").permitAll()
|
|
.anyRequest().authenticated()
|
|
.and()
|
|
.addFilter(new JWTAuthenticationFilter(authenticationManager()))
|
|
.addFilter(new JWTAuthorizationFilter(authenticationManager()))
|
|
// this disables session creation on Spring Security
|
|
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
|
}
|
|
|
|
@Override
|
|
public void configure(AuthenticationManagerBuilder auth) throws Exception {
|
|
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
|
|
}
|
|
|
|
@Bean
|
|
CorsConfigurationSource corsConfigurationSource() {
|
|
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
|
source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
|
|
return source;
|
|
}
|
|
} |