From 793125ddd28715cf19323d61416fed39466dd1b9 Mon Sep 17 00:00:00 2001
From: Art
Date: Sun, 5 Sep 2021 22:45:12 +0300
Subject: [PATCH] 35. Security configuration (#2)
---
.../backend/config/SecurityConfig.java | 76 +++++++++++++++++++
1 file changed, 76 insertions(+)
create mode 100644 support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
new file mode 100644
index 0000000..d4cb06e
--- /dev/null
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
@@ -0,0 +1,76 @@
+package net.shyshkin.study.fullstack.supportportal.backend.config;
+
+import lombok.RequiredArgsConstructor;
+import net.shyshkin.study.fullstack.supportportal.backend.constant.SecurityConstants;
+import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAccessDeniedHandler;
+import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthenticationEntryPoint;
+import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthorizationFilter;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
+import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import java.util.HashMap;
+import java.util.Map;
+
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+@RequiredArgsConstructor
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+ private final JwtAuthorizationFilter jwtAuthorizationFilter;
+ private final UserDetailsService userService;
+ private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
+ private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+
+ http.csrf().disable();
+
+ http.cors();
+
+ http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+
+ http.authorizeRequests()
+ .antMatchers(SecurityConstants.PUBLIC_URLS).permitAll()
+ .anyRequest().authenticated();
+
+ http.exceptionHandling()
+ .accessDeniedHandler(jwtAccessDeniedHandler)
+ .authenticationEntryPoint(jwtAuthenticationEntryPoint);
+
+ http.addFilterBefore(jwtAuthorizationFilter, UsernamePasswordAuthenticationFilter.class);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth
+ .userDetailsService(userService)
+ .passwordEncoder(passwordEncoder());
+ }
+
+ @Bean
+ PasswordEncoder passwordEncoder() {
+ String idForEncode = "bcrypt";
+ Map encoders = new HashMap<>();
+ encoders.put(idForEncode, new BCryptPasswordEncoder());
+ encoders.put("noop", NoOpPasswordEncoder.getInstance());
+ encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
+ encoders.put("scrypt", new SCryptPasswordEncoder());
+
+ return new DelegatingPasswordEncoder(idForEncode, encoders);
+ }
+
+}
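Review bot: Registering `NoOpPasswordEncoder` under `"noop"` in `passwordEncoder()` means any stored credential prefixed with `{noop}` is compared as plaintext, so a seeded or migrated row in that form authenticates without ever having been hashed. Unless existing records depend on it, drop the line `encoders.put("noop", NoOpPasswordEncoder.getInstance());` and keep only the encoders for which stored hashes actually exist; new passwords are already encoded with bcrypt through `idForEncode`. Separately, `http.csrf().disable()` in `configure(HttpSecurity)` is sound only if the JWT is sent in a request header rather than a cookie, which this hunk does not show. If that holds, record the assumption above the call, e.g. `// CSRF protection off: stateless API, token is sent in a request header, not a cookie`.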