- package app.todo.security.configuration;
- import app.todo.security.jwt.JWTAuthenticationFilter;
- import app.todo.security.jwt.JWTAuthorizationFilter;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.core.userdetails.UserDetailsService;
- import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
- import org.springframework.security.crypto.password.PasswordEncoder;
- import org.springframework.web.cors.CorsConfiguration;
- import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
- import org.springframework.web.filter.CorsFilter;
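/**
 * Spring Security configuration for the application.
 *
 * <p>Declares which endpoints are reachable without authentication, registers the
 * two JWT filters, wires the {@link UserDetailsService} together with a BCrypt
 * password encoder, and publishes the CORS filter used for cross-origin requests.
 * Method-level security ({@code @PreAuthorize} / {@code @PostAuthorize}) is
 * switched on through {@code prePostEnabled = true}.
 */
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final UserDetailsService userDetailsService;

    /**
     * @param userDetailsService service used to look up users during authentication
     */
    public SecurityConfiguration(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /**
     * Configures which endpoints are open to anonymous users and which require
     * authentication, and registers the JWT filters.
     *
     * <p>{@code /register} and {@code /confirm} are open for every HTTP method;
     * every other request must be authenticated.
     *
     * @param http the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is disabled. That is only sound while no request is
        // authenticated by a cookie or other credential the browser attaches on
        // its own.
        // NOTE(review): no session-creation policy is set here; confirm that the
        // JWT filters never establish an HTTP session.
        http.cors().and().csrf().disable().authorizeRequests()
                .antMatchers("/register").permitAll()
                .antMatchers("/confirm").permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilter(new JWTAuthenticationFilter(authenticationManager()))
                .addFilter(new JWTAuthorizationFilter(authenticationManager()));
    }

    /**
     * Configures the service and password encoder used to authenticate users.
     *
     * @param auth the authentication manager builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = this.passwordEncoder();
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
    }

    /**
     * Password encoder bean; passwords are hashed with BCrypt at the encoder's
     * default strength.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * CORS filter bean applied to every path ({@code /**}).
     *
     * <p>Any origin and any request header are accepted for OPTIONS, GET, POST,
     * PUT and DELETE, and the {@code Authorization} response header is exposed to
     * browser scripts.
     *
     * @return the configured {@link CorsFilter}
     */
    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        // Credentials stay disabled because the allowed origin is a wildcard.
        // Combining allowCredentials(true) with "*" is rejected with an
        // IllegalArgumentException by Spring Framework 5.3 and later; older
        // versions answer by echoing the caller's Origin, which lets any website
        // make credentialed requests and read the responses.
        // NOTE(review): presumably the JWT travels in the Authorization request
        // header, which does not depend on this flag; confirm against
        // JWTAuthorizationFilter. If cookies are required, replace the wildcard
        // with an explicit list of trusted origins before re-enabling credentials.
        config.setAllowCredentials(false);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("OPTIONS");
        config.addAllowedMethod("GET");
        config.addAllowedMethod("POST");
        config.addAllowedMethod("PUT");
        config.addAllowedMethod("DELETE");
        config.addExposedHeader("Authorization");
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
}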