Strona główna Odkrywaj Pomoc
Zaloguj się
pk-3
/
PlantsForYou-Technologie-Handlu-Elektronicznego
1
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Przeglądaj źródła

Update WebSecurityConfig for JWT auth

Blazej 4 lat temu
rodzic
6703471218
commit
51232d24fa
1 zmienionych plików z 17 dodań i 1 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 17 1
      src/main/java/com/example/plantsforyou/security/config/WebSecurityConfig.java

+ 17 - 1
src/main/java/com/example/plantsforyou/security/config/WebSecurityConfig.java
Wyświetl plik 

@@ -2,15 +2,21 @@ package com.example.plantsforyou.security.config;
 
 
 
 import com.example.plantsforyou.appuser.AppUserService;
 
+import com.example.plantsforyou.filter.CustomAuthenticationFilter;
 
+import com.example.plantsforyou.filter.CustomAuthorizationFilter;
 
 import lombok.AllArgsConstructor;
 
 import org.springframework.context.annotation.Bean;
 
 import org.springframework.context.annotation.Configuration;
 
+import org.springframework.security.authentication.AuthenticationManager;
 
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
+
 
+import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
 
 
 @Configuration
 
 @AllArgsConstructor
 
@@ -22,8 +28,18 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
 
     @Override
 
     protected void configure(HttpSecurity http) throws Exception {
 
-        http.csrf().disable().authorizeRequests().antMatchers("/api/v*/registration/**").permitAll().anyRequest().authenticated().and().formLogin(); //na chwile
 
+        http.csrf().disable();
 
+        http.sessionManagement().sessionCreationPolicy(STATELESS);
 
+        http.authorizeRequests().antMatchers("/api/v*/registration/**", "/api/v*/users/token/refresh/**").permitAll();
 
+        http.authorizeRequests().antMatchers("/api/v*/**").hasAnyAuthority("USER");
 
+        http.addFilter(new CustomAuthenticationFilter(authenticationManagerBean()));
 
+        http.addFilterBefore(new CustomAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
 
+    }
 
 
+    @Bean
 
+    @Override
 
+    public AuthenticationManager authenticationManagerBean() throws Exception {
 
+        return super.authenticationManagerBean();
 
     }
 
 
     @Override