API tools faq
paste
Advertisement
Hen_B_S

Security Config with Authentication Spring

Hen_B_S
Jan 29th, 2023 (edited)
976
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Java 3.43 KB | Source Code | 0 0
raw download clone embed print report
  1. package com.code.config;
  2.  
  3. import java.util.Arrays;
  4.  
  5. import org.springframework.beans.factory.annotation.Autowired;
  6. import org.springframework.context.annotation.Bean;
  7. import org.springframework.context.annotation.Configuration;
  8. import org.springframework.core.env.Environment;
  9. import org.springframework.http.HttpMethod;
  10. import org.springframework.security.authentication.AuthenticationManager;
  11. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  12. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  13. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  14. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  15. import org.springframework.security.config.http.SessionCreationPolicy;
  16. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  17. import org.springframework.security.crypto.password.PasswordEncoder;
  18. import org.springframework.security.web.AuthenticationEntryPoint;
  19. import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
  20. import org.springframework.web.cors.CorsConfiguration;
  21. import org.springframework.web.cors.CorsConfigurationSource;
  22. import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
  23.  
  24. import com.altercode.gerencg.service.UserService;
  25.  
  26. @Configuration
  27. @EnableWebSecurity
  28. public class SecurityConfig extends WebSecurityConfigurerAdapter {
  29.  
  30.     @Autowired
  31.     private Environment env;
  32.  
  33.     @Autowired
  34.     private UserService userService;
  35.  
  36.     @Autowired
  37.     private JWTTokenHelper jwtTokenHelper;
  38.  
  39.     @Autowired
  40.     private AuthenticationEntryPoint authenticationEntryPoint;
  41.  
  42.     @Bean
  43.     @Override
  44.     public AuthenticationManager authenticationManagerBean() throws Exception {
  45.         return super.authenticationManagerBean();
  46.     }
  47.  
  48.     @Override
  49.     protected void configure(HttpSecurity http) throws Exception {
  50.  
  51.         // h2-console
  52.         if (Arrays.asList(env.getActiveProfiles()).contains("test")) {
  53.             http.headers().frameOptions().disable();
  54.         }
  55.  
  56.         http.cors().and().csrf().disable();
  57.         http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().exceptionHandling()
  58.                 .authenticationEntryPoint(authenticationEntryPoint).and()
  59.                 .authorizeRequests((request) -> request.antMatchers("/h2-console/**", "/api/v1/auth/login").permitAll()
  60.                         .antMatchers(HttpMethod.OPTIONS, "/**").permitAll())
  61.                 .addFilterBefore(new JWTAuthenticationFilter(userService, jwtTokenHelper),
  62.                         UsernamePasswordAuthenticationFilter.class);
  63.  
  64.         http.authorizeRequests().anyRequest().permitAll();
  65.     }
  66.  
  67.     @Override
  68.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  69.         auth.inMemoryAuthentication().withUser("LoginApp").password(passwordEncoder().encode("passwordtest"))
  70.                 .authorities("USER", "ADMIN");
  71.         auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
  72.     }
  73.  
  74.     @Bean
  75.     public PasswordEncoder passwordEncoder() {
  76.         return new BCryptPasswordEncoder();
  77.     }
  78.  
  79.     @Bean
  80.     CorsConfigurationSource corsConfigurationSource() {
  81.         CorsConfiguration configuration = new CorsConfiguration().applyPermitDefaultValues();
  82.         configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "DELETE", "OPTIONS"));
  83.         final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
  84.         source.registerCorsConfiguration("/**", configuration);
  85.         return source;
  86.     }
  87.  
  88. }
Tags: security spring authentication h2-console
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!