
Update WebSecurityConfig for JWT auth

Blazej 4 жил өмнө
parent
commit
51232d24fa

+ 17 - 1
src/main/java/com/example/plantsforyou/security/config/WebSecurityConfig.java

@@ -2,15 +2,21 @@ package com.example.plantsforyou.security.config;
 
 
 import com.example.plantsforyou.appuser.AppUserService;
+import com.example.plantsforyou.filter.CustomAuthenticationFilter;
+import com.example.plantsforyou.filter.CustomAuthorizationFilter;
 import lombok.AllArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
 
 @Configuration
 @AllArgsConstructor
@@ -22,8 +28,18 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.csrf().disable().authorizeRequests().antMatchers("/api/v*/registration/**").permitAll().anyRequest().authenticated().and().formLogin(); //na chwile
+        http.csrf().disable();
+        http.sessionManagement().sessionCreationPolicy(STATELESS);
+        http.authorizeRequests().antMatchers("/api/v*/registration/**", "/api/v*/users/token/refresh/**").permitAll();
+        http.authorizeRequests().antMatchers("/api/v*/**").hasAnyAuthority("USER");
+        http.addFilter(new CustomAuthenticationFilter(authenticationManagerBean()));
+        http.addFilterBefore(new CustomAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
+    }
 
+    @Bean
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
     }
 
     @Override
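Review bot: The new rule set in configure() has no catch-all. The removed line ended with `.anyRequest().authenticated()`, but the new code only matches `/api/v*/**`, so a request to any other path has no authorization rule and Spring Security lets it through unauthenticated. Add `http.authorizeRequests().anyRequest().authenticated();` after the `hasAnyAuthority("USER")` line so unmatched paths are denied by default. `/api/v*/users/token/refresh/**` is now `permitAll()`, so the refresh handler must verify the refresh token's signature and expiry itself; that code is not visible in this hunk. It is also worth a short comment next to `http.csrf().disable()` stating that this relies on the JWT being sent in a request header and not in a cookie.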