- package com.fuck.off.test;
- import com.sbgpoc.van_der_sar.CustomUserDetailsService;
- import com.sbgpoc.van_der_sar.JwtAuthenticationEntryPoint;
- import com.sbgpoc.van_der_sar.JwtAuthenticationFilter;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.authentication.AuthenticationManager;
- import org.springframework.security.config.BeanIds;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.config.http.SessionCreationPolicy;
- import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
- import org.springframework.security.crypto.password.PasswordEncoder;
- import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
- /*
- * Explanations:
- *
- * @Configuration - Indicates that a class declares one or more @Bean methods
- * @EnableWebSecurity - self explanatory
- * @EnableGlobalMethodSecurity(
- securedEnabled = true, - allows you to use @Secured
- jsr250Enabled = true, - allows you to use @RolesAllowed
- prePostEnabled = true - allows you to use @PreAuthorize and @PostAuthorize
- )
- *
- * CustomUserDetailsService - Spring Security needs to load the user to perform various role-based checks
- * - Because of that it has an interface called UserDetailsService, which has a single method that loads a user based on the username
- * - loadUserByUsername(String username) - returns an instance of a class that implements the CustomUserDetails interface
- *
- * JwtAuthenticationEntryPoint - This class is used to return a 401 unauthorized error to clients that try to access a protected resource without proper authentication
- * - It implements Spring Security’s AuthenticationEntryPoint interface.
- *
- * JwtAuthenticationFilter - implements a filter that:
- * 1. reads the JWT token from the Authorization header of all the requests
- * 2. validates the token
- * 3. loads the user details associated with that token
- * 4. Sets the user details in Spring Security's SecurityContext -> Spring Security uses the user details to perform authorization checks
- *
- * AuthenticationManagerBuilder is used to create an AuthenticationManager instance which is the main Spring Security interface for authenticating a user.
- * You can use AuthenticationManagerBuilder to build in-memory authentication, LDAP authentication, JDBC authentication, or add your custom authentication provider.
- *
- *
- * HttpSecurity configurations - used to configure security functionalities like csrf, sessionManagement, and add rules to protect resources based on various conditions
- * */
/**
 * Web security configuration: stateless sessions, a JWT filter in the Spring
 * Security filter chain, BCrypt password hashing, and method-level security
 * annotations enabled.
 *
 * <p>Every request must be authenticated except the site root and the static
 * resource patterns listed in {@link #PUBLIC_PATTERNS}.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
        securedEnabled = true,
        jsr250Enabled = true,
        prePostEnabled = true
)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Ant patterns served without authentication.
     *
     * <p>NOTE(review): apart from "/", these match on file extension anywhere
     * in the URL space, so any handler reachable under a path ending in one of
     * these suffixes is public. On Spring MVC setups where suffix-pattern
     * matching is enabled, a path such as /x.html can resolve to the /x
     * handler. Confining static assets to a dedicated directory prefix would
     * be tighter. Confirm against the MVC configuration in use.
     */
    private static final String[] PUBLIC_PATTERNS = {
            "/",
            "/**/*.png",
            "/**/*.gif",
            "/**/*.svg",
            "/**/*.jpg",
            "/**/*.html",
            "/**/*.css",
            "/**/*.js"
    };

    /** Entry point invoked when an unauthenticated request reaches a protected resource. */
    @Autowired
    private JwtAuthenticationEntryPoint unauthorizedHandler;

    // NOTE(review): package-private, unlike unauthorizedHandler; could be private
    // unless another class in this package reads it.
    @Autowired
    CustomUserDetailsService customUserDetailsService;

    /**
     * Password hashing used by the authentication manager.
     *
     * @return a BCrypt encoder built with its no-argument constructor (library default strength)
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Exposes the JWT filter as a bean.
     *
     * <p>NOTE(review): under Spring Boot, a servlet Filter published as a bean is
     * by default also registered with the servlet container, in addition to the
     * security chain registration done in {@link #configure(HttpSecurity)}.
     * Confirm the filter tolerates this, or that the extra registration is disabled.
     *
     * @return a new {@link JwtAuthenticationFilter}
     */
    @Bean
    public JwtAuthenticationFilter jwtAuthenticationFilter() {
        return new JwtAuthenticationFilter();
    }

    /**
     * Publishes the adapter's {@link AuthenticationManager} under the standard bean id
     * so other components can inject it.
     *
     * @return the authentication manager built by the parent adapter
     * @throws Exception if the parent cannot build the manager
     */
    @Bean(BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Wires user lookup and password verification into the authentication manager.
     *
     * @param authenticationManagerBuilder builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
                .userDetailsService(customUserDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    /**
     * Defines the HTTP security rules for the application.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if any configurer fails to apply
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // No CORS configuration source is visible in this class.
        // NOTE(review): confirm the allowed origins defined elsewhere are restrictive.
        http.cors();

        // NOTE(review): CSRF protection is off. That is reasonable only while the
        // JWT travels in a request header and is never accepted from a cookie.
        // Verify against JwtAuthenticationFilter.
        http.csrf().disable();

        http.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

        // No HTTP session is created or used by Spring Security.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Matcher order matters: the public patterns are declared before the catch-all rule.
        http.authorizeRequests()
                .antMatchers(PUBLIC_PATTERNS).permitAll()
                .anyRequest().authenticated();

        // The JWT filter is positioned after the form-login filter slot in the chain.
        http.addFilterAfter(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}