
Untitled

a guest
Apr 24th, 2018
  1. package app.todo.security.configuration;
  2.  
  3. import app.todo.security.jwt.JWTAuthenticationFilter;
  4. import app.todo.security.jwt.JWTAuthorizationFilter;
  5. import org.springframework.context.annotation.Bean;
  6. import org.springframework.context.annotation.Configuration;
  7. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  8. import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
  9. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  10. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  11. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  12. import org.springframework.security.core.userdetails.UserDetailsService;
  13. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  14. import org.springframework.security.crypto.password.PasswordEncoder;
  15. import org.springframework.web.cors.CorsConfiguration;
  16. import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
  17. import org.springframework.web.filter.CorsFilter;
  18.  
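/**
 * Spring Security configuration for the application.
 *
 * <p>Leaves {@code /register} and {@code /confirm} open to anonymous callers, requires
 * authentication for every other request, installs the project's JWT authentication and
 * authorization filters, and publishes the password encoder and CORS filter beans.
 */
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** Looks up user records for the authentication manager. */
    private final UserDetailsService userDetailsService;

    /**
     * Creates the configuration.
     *
     * @param userDetailsService service used to load users during authentication
     */
    public SecurityConfiguration(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /**
     * Configures which endpoints are public and which require an authenticated caller.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the security chain cannot be built
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is switched off here.
        // NOTE(review): that is only safe while no request is authenticated by a cookie or a
        // server-side session. The JWT filters are not visible in this file; confirm they take
        // the token from a request header and that the application does not rely on a session.
        http.cors().and().csrf().disable().authorizeRequests()
                // Only registration and confirmation are reachable without a token.
                .antMatchers("/register").permitAll()
                .antMatchers("/confirm").permitAll()
                // Everything else is denied unless authenticated.
                .anyRequest().authenticated()
                .and()
                .addFilter(new JWTAuthenticationFilter(authenticationManager()))
                .addFilter(new JWTAuthorizationFilter(authenticationManager()));
    }

    /**
     * Wires the user details service and the password encoder into the authentication manager.
     *
     * @param auth the authentication manager builder to configure
     * @throws Exception if the authentication manager cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Provides the password encoder used to hash and verify user passwords.
     *
     * @return a bcrypt encoder with the library's default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Provides the CORS filter applied to every path.
     *
     * <p>Any origin and any request header are accepted, the listed HTTP methods are allowed,
     * and the {@code Authorization} response header is exposed to browser scripts. Credentialed
     * cross-origin requests are not allowed.
     *
     * @return the CORS filter registered for {@code /**}
     */
    @Bean
    public CorsFilter corsFilter() {
        CorsConfiguration config = new CorsConfiguration();

        // Credentials must stay off while the allowed origin is the wildcard. With both enabled,
        // older Spring versions echo back whatever Origin the browser sent, so any website could
        // issue credentialed requests on behalf of a signed-in user, and Spring Framework 5.3+
        // rejects the combination at request time. If a front end really needs credentialed
        // requests, replace "*" with an explicit list of trusted origins before setting this
        // back to true.
        config.setAllowCredentials(false);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        for (String method : new String[] {"OPTIONS", "GET", "POST", "PUT", "DELETE"}) {
            config.addAllowedMethod(method);
        }
        // Lets browser code read the Authorization header from cross-origin responses.
        config.addExposedHeader("Authorization");

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }

}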