Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- package com.tbb.demo.config;
- import com.tbb.demo.domain.UsersService;
- import com.tbb.demo.exception.NonexisitngEntityException;
- import com.tbb.demo.security.JwtAuthenticationFilter;
- import com.tbb.demo.security.JwtAuthorizationFilter;
- import com.tbb.demo.security.RestAuthenticationEntryPoint;
- import com.tbb.demo.security.RestSavedRequestAwareAuthenticationSuccessHandler;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.http.HttpMethod;
- import org.springframework.http.HttpStatus;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.config.http.SessionCreationPolicy;
- import org.springframework.security.core.userdetails.UserDetailsService;
- import org.springframework.security.core.userdetails.UsernameNotFoundException;
- import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
- import org.springframework.security.crypto.password.PasswordEncoder;
- import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
- import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
- import org.springframework.web.cors.CorsConfiguration;
- import org.springframework.web.cors.CorsConfigurationSource;
- import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
- import java.util.Arrays;
- import java.util.Collections;
- @Configuration
- public class SecurityConfig extends WebSecurityConfigurerAdapter {
- @Autowired
- private UsersService usersService;
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable()
- .cors().and()
- .authorizeRequests()
- //TODO:Change this
- .antMatchers("/api/public").permitAll()
- .anyRequest().authenticated()
- .and()
- .addFilter(new JwtAuthenticationFilter(authenticationManager()))
- .addFilter(new JwtAuthorizationFilter(authenticationManager()))
- .sessionManagement()
- .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
- .and()
- .logout()
- .deleteCookies("JSESSIONID")
- .clearAuthentication(true)
- .invalidateHttpSession(true)
- .logoutUrl("/api/logout")
- .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler(HttpStatus.ACCEPTED));
- ;
- }
- @Override
- public void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.userDetailsService(username -> usersService.findByUsername(username));
- }
- @Bean
- public CorsConfigurationSource corsConfigurationSource() {
- final CorsConfiguration configuration = new CorsConfiguration();
- configuration.setAllowedOrigins(Arrays.asList("*"));
- configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
- configuration.setAllowCredentials(true);
- configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
- final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
- source.registerCorsConfiguration("/**", configuration);
- return source;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
