
Untitled

a guest Dec 14th, 2019 75 Never
  1. package com.example.proarea.config;
  2.  
  3. import com.example.proarea.enums.Roles;
  4. import com.example.proarea.security.jwt.JwtAuthEntryPoint;
  5. import com.example.proarea.security.jwt.JwtAuthTokenFilter;
  6. import com.example.proarea.services.serviceimpl.UserDetailsServiceImpl;
  7. import org.springframework.beans.factory.annotation.Autowired;
  8. import org.springframework.context.annotation.Bean;
  9. import org.springframework.context.annotation.Configuration;
  10. import org.springframework.security.authentication.AuthenticationManager;
  11. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  12. import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
  13. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  14. import org.springframework.security.config.annotation.web.builders.WebSecurity;
  15. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  16. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  17. import org.springframework.security.config.http.SessionCreationPolicy;
  18. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  19. import org.springframework.security.crypto.password.PasswordEncoder;
  20. import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
  21.  
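/**
 * Spring Security configuration for the application.
 *
 * <p>Wires the project's {@link UserDetailsServiceImpl} and a BCrypt password encoder into the
 * authentication manager, installs {@link JwtAuthTokenFilter} ahead of
 * {@link UsernamePasswordAuthenticationFilter}, and declares the URL authorization rules.
 * Sessions are stateless; method-level {@code @PreAuthorize}/{@code @PostAuthorize} checks are
 * enabled through {@code prePostEnabled = true}.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Swagger UI and API-docs paths that are taken out of the security filter chain.
    private static final String[] SWAGGER_RESOURCES = {"/v2/api-docs*", "/swagger-ui.html", "/webjars/springfox-swagger-ui/**", "/swagger-resources/**"};

    // Assigned once in the constructor, so both collaborators are final.
    private final UserDetailsServiceImpl userDetailsService;

    private final JwtAuthEntryPoint unauthorizedHandler;

    /**
     * Creates the configuration with its two collaborators.
     *
     * @param userDetailsService  loads user records for authentication
     * @param unauthorizedHandler entry point invoked when an unauthenticated request is rejected
     */
    @Autowired
    public WebSecurityConfig(UserDetailsServiceImpl userDetailsService, JwtAuthEntryPoint unauthorizedHandler) {
        this.userDetailsService = userDetailsService;
        this.unauthorizedHandler = unauthorizedHandler;
    }

    /**
     * Exposes the JWT filter as a bean so that it can be added to the filter chain in
     * {@link #configure(HttpSecurity)}.
     *
     * @return a new {@link JwtAuthTokenFilter}
     */
    @Bean
    public JwtAuthTokenFilter authenticationJwtTokenFilter() {
        return new JwtAuthTokenFilter();
    }

    /**
     * Registers the user store and the password encoder with the authentication manager.
     *
     * <p>No in-memory accounts are registered. A fixed {@code admin}/{@code admin} user with the
     * ADMIN role in source code is a shared credential that cannot be rotated and ships with
     * every build, so accounts come only from {@code userDetailsService}.
     *
     * @param authenticationManagerBuilder builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        // NOTE(review): if a bootstrap administrator is required, provision it in the user store
        // with a unique secret supplied at deploy time rather than declaring it here.
        authenticationManagerBuilder
                .userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    /**
     * Publishes the {@link AuthenticationManager} built by this adapter as a bean.
     *
     * @return the authentication manager of the parent configuration
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Excludes the Swagger paths from Spring Security.
     *
     * <p>{@code web.ignoring()} bypasses the whole security filter chain for these paths, so they
     * are served without authentication.
     *
     * @param web web-security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // NOTE(review): the API documentation lists every endpoint; confirm that serving it
        // unauthenticated is intended outside development, or restrict it per profile.
        web.ignoring().antMatchers(SWAGGER_RESOURCES);
    }

    /**
     * Password encoder used for stored user passwords.
     *
     * @return a {@link BCryptPasswordEncoder} with its default strength
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Declares the HTTP authorization rules and installs the JWT filter.
     *
     * <p>The sign-in, sign-up and password-recovery endpoints are public, the ban endpoints
     * require the ADMIN role, and every other request requires authentication.
     *
     * @param http HTTP security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is off because sessions are stateless.
        // NOTE(review): this is only safe while the token is sent in a request header; if it is
        // ever carried in a cookie, CSRF protection has to be enabled again - confirm.
        http.cors().and().csrf().disable()
                .authorizeRequests()
                // Match the whole subtree instead of the single template "/admin/ban/{login}":
                // Ant patterns are exact, and a path variant that the MVC layer may still map to
                // the same handler (for example a trailing slash) would otherwise fall through
                // to the weaker authenticated() rule below.
                .antMatchers("/admin/ban/**").hasRole(String.valueOf(Roles.ADMIN))
                .antMatchers("/signin**",
                        "/signup**",
                        "/forgot-password**",
                        "/reset-password**").permitAll()
                .anyRequest().authenticated()
                .and()
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler)
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // The JWT filter runs before the username/password filter.
        http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}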