AndriDiki/smartproc-be
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
f0dfef725a17a36431460665ecfffe1706c3a395
smartproc-be/src/main/java/com/iconplus/smartproc/configuration/WebSecurityConfig.java
dirgantarasiahaan c833f09200 fix authentication
2023-05-25 14:54:43 +07:00

58 lines
2.2 KiB
Java
Raw Blame History

package com.iconplus.smartproc.configuration;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
@Autowired
private JwtAuthenticationAccessDenied jwtAuthenticationAccessDenied;
@Autowired
private JwtRequestFilter jwtRequestFilter;
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.sessionFixation().none().and()
.csrf().disable();
httpSecurity.authorizeRequests()
.antMatchers("/api*/**").permitAll()
.antMatchers("/api/authentication/*").permitAll()
.antMatchers("/actuator/health").permitAll()
.antMatchers("/swagger*/**").permitAll()
.antMatchers("/v2*/**").permitAll()
.antMatchers("/token/jwks.json").permitAll()
.anyRequest().authenticated().and()
.exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint)
.accessDeniedHandler(jwtAuthenticationAccessDenied);
httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/v2/api-docs",
"/configuration/ui",
"/swagger-resources/**",
"/configuration/security",
"/swagger-ui.html",
"/webjars/**");
}
}
Reference in New Issue View Git Blame Copy Permalink