- package com.example.proarea.config;
- import com.example.proarea.enums.Roles;
- import com.example.proarea.security.jwt.JwtAuthEntryPoint;
- import com.example.proarea.security.jwt.JwtAuthTokenFilter;
- import com.example.proarea.services.serviceimpl.UserDetailsServiceImpl;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.authentication.AuthenticationManager;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.builders.WebSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.config.http.SessionCreationPolicy;
- import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
- import org.springframework.security.crypto.password.PasswordEncoder;
- import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
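/**
 * Spring Security configuration: stateless sessions, a JWT filter placed ahead of
 * the username/password filter, and method-level security via
 * {@code @PreAuthorize}/{@code @PostAuthorize} (prePostEnabled).
 *
 * <p>Users are authenticated only through {@link UserDetailsServiceImpl} with
 * BCrypt-hashed passwords. No account is defined in source code.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Swagger / springfox paths that are excluded from the security filter chain.
     *
     * <p>NOTE(review): these paths are served without any authentication, so the
     * API description is readable by anyone who can reach the service. Confirm that
     * is intended outside development, or gate this list on a profile.
     */
    private static final String[] SWAGGER_RESOURCES = {
        "/v2/api-docs*",
        "/swagger-ui.html",
        "/webjars/springfox-swagger-ui/**",
        "/swagger-resources/**"
    };

    private final UserDetailsServiceImpl userDetailsService;
    private final JwtAuthEntryPoint unauthorizedHandler;

    /**
     * @param userDetailsService  loads application users for authentication
     * @param unauthorizedHandler entry point invoked when an unauthenticated request
     *                            reaches a protected resource
     */
    @Autowired
    public WebSecurityConfig(UserDetailsServiceImpl userDetailsService,
                             JwtAuthEntryPoint unauthorizedHandler) {
        this.userDetailsService = userDetailsService;
        this.unauthorizedHandler = unauthorizedHandler;
    }

    /**
     * Exposes the JWT filter as a bean; {@link #configure(HttpSecurity)} inserts it
     * into the security filter chain.
     *
     * <p>NOTE(review): under Spring Boot a {@code Filter} bean is normally also
     * registered with the servlet container itself, in which case it would run for
     * requests that {@link #configure(WebSecurity)} excludes as well. Confirm whether
     * that applies here.
     */
    @Bean
    public JwtAuthTokenFilter authenticationJwtTokenFilter() {
        return new JwtAuthTokenFilter();
    }

    /**
     * Wires the application's user store and password encoder into the
     * authentication manager.
     *
     * <p>No in-memory user is registered here. A fixed username and password in
     * source code is a shared credential that anyone with access to the repository
     * or a build artifact can use, and it cannot be rotated without a redeploy.
     * Provision administrator accounts through the user store behind
     * {@code userDetailsService} instead.
     */
    @Override
    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
                .userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    /** Publishes the configured {@link AuthenticationManager} as a bean. */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Excludes the Swagger resources from Spring Security entirely.
     *
     * <p>Ignored paths skip the whole filter chain, not just authorization, so
     * nothing Spring Security does in that chain applies to them. If these paths
     * only need to be public, a {@code permitAll()} rule in
     * {@link #configure(HttpSecurity)} keeps the rest of the chain in place.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(SWAGGER_RESOURCES);
    }

    /** BCrypt encoder used when verifying stored password hashes. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Defines the HTTP authorization rules and registers the JWT filter.
     *
     * <ul>
     *   <li>{@code /admin/ban/{login}} requires the ADMIN role.</li>
     *   <li>Sign-in, sign-up and password-recovery paths are public.</li>
     *   <li>Every other request must be authenticated.</li>
     * </ul>
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors()
                .and()
                // CSRF protection is off. That is only appropriate while the token is
                // sent in a request header rather than a cookie.
                // NOTE(review): confirm how JwtAuthTokenFilter reads the token.
                .csrf().disable()
                .authorizeRequests()
                // Only this one admin route is restricted by role at the URL level; any
                // other admin endpoint falls under the authenticated-only rule below
                // unless it carries its own @PreAuthorize.
                // NOTE(review): antMatchers compares against this exact pattern. If
                // Spring MVC also maps variants of the route (trailing slash, suffix),
                // those would only need authentication. mvcMatchers or a @PreAuthorize
                // on the handler method keeps the rule aligned with the MVC mapping.
                .antMatchers("/admin/ban/{login}").hasRole(String.valueOf(Roles.ADMIN))
                .antMatchers("/signin**",
                        "/signup**",
                        "/forgot-password**",
                        "/reset-password**").permitAll()
                .anyRequest().authenticated()
                .and()
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler)
                .and()
                // No HTTP session is created or used; each request must carry its own token.
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}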