Acasă Explorează Ajutor
Înregistrare Autentificare
dkb
/
auth-service
1
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Arbore: b3aad8dc8b
Ramuri Etichete
auth-service
/
src
/
main
/
java
/
com
/
danielbohry
/
authservice
/
config
/
SecurityConfig.java

SecurityConfig.java 3.9 KB
Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. package com.danielbohry.authservice.config;
    2. 

  2. 

  3. import com.danielbohry.authservice.service.auth.JwtAuthenticationFilter;
    4. 

  4. import com.danielbohry.authservice.service.auth.RateLimitingFilter;
    5. 

  5. import com.danielbohry.authservice.service.user.UserService;
    6. 

  6. import lombok.RequiredArgsConstructor;
    7. 

  7. import org.springframework.context.annotation.Bean;
    8. 

  8. import org.springframework.context.annotation.Configuration;
    9. 

  9. import org.springframework.security.authentication.AuthenticationManager;
    10. 

  10. import org.springframework.security.authentication.AuthenticationProvider;
    11. 

  11. import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
    12. 

  12. import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
    13. 

  13. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    14. 

  14. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    15. 

  15. import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
    16. 

  16. import org.springframework.security.config.http.SessionCreationPolicy;
    17. 

  17. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    18. 

  18. import org.springframework.security.crypto.password.PasswordEncoder;
    19. 

  19. import org.springframework.security.web.SecurityFilterChain;
    20. 

  20. import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
    21. 

  21. import org.springframework.http.HttpMethod;
    22. 

  22. 

  23. import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
    24. 

  24. 

  25. @Configuration
    26. 

  26. @EnableWebSecurity
    27. 

  27. @RequiredArgsConstructor
    28. 

  28. public class SecurityConfig {
    29. 

  29. 

  30.     private final JwtAuthenticationFilter jwtAuthenticationFilter;
    31. 

  31.     private final RateLimitingFilter rateLimitingFilter;
    32. 

  32.     private final UserService userService;
    33. 

  33. 

  34.     @Bean
    35. 

  35.     public SecurityFilterChain securityFilterChain(HttpSecurity http) {
    36. 

  36.         http
    37. 

  37.                 .csrf(AbstractHttpConfigurer::disable)
    38. 

  38.                 .authorizeHttpRequests(requests -> requests
    39. 

  39.                         .requestMatchers(
    40. 

  40.                                 "/actuator/health",
    41. 

  41.                                 "/actuator/info",
    42. 

  42.                                 "/actuator/prometheus",
    43. 

  43.                                 "/api/register",
    44. 

  44.                                 "/api/authenticate",
    45. 

  45.                                 "/api/forgot-password"
    46. 

  46.                         ).permitAll()
    47. 

  47.                         .requestMatchers(
    48. 

  48.                                 "/",
    49. 

  49.                                 "/index.html",
    50. 

  50.                                 "/admin.html",
    51. 

  51.                                 "/css/**",
    52. 

  52.                                 "/js/**",
    53. 

  53.                                 "/img/**"
    54. 

  54.                         ).permitAll()
    55. 

  55.                         .requestMatchers(HttpMethod.OPTIONS, "/api/users", "/api/authorize", "/api/refresh").permitAll()
    56. 

  56.                         .requestMatchers("/api/users", "/api/authorize", "/api/refresh").authenticated()
    57. 

  57.                         .anyRequest().authenticated()
    58. 

  58.                 )
    59. 

  59.                 .sessionManagement(manager -> manager.sessionCreationPolicy(STATELESS))
    60. 

  60.                 .authenticationProvider(authenticationProvider())
    61. 

  61.                 .addFilterBefore(rateLimitingFilter, UsernamePasswordAuthenticationFilter.class)
    62. 

  62.                 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
    63. 

  63. 

  64.         return http.build();
    65. 

  65.     }
    66. 

  66. 

  67.     @Bean
    68. 

  68.     public PasswordEncoder passwordEncoder() {
    69. 

  69.         return new BCryptPasswordEncoder();
    70. 

  70.     }
    71. 

  71. 

  72.     @Bean
    73. 

  73.     public AuthenticationProvider authenticationProvider() {
    74. 

  74.         DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider(userService.userDetailsService());
    75. 

  75.         authProvider.setPasswordEncoder(passwordEncoder());
    76. 

  76.         return authProvider;
    77. 

  77.     }
    78. 

  78. 

  79.     @Bean
    80. 

  80.     public AuthenticationManager authenticationManager(AuthenticationConfiguration config) {
    81. 

  81.         return config.getAuthenticationManager();
    82. 

  82.     }
    83. 

  83. 

  84. }
    85.