42. Test custom exception handling (#3)

2021-09-06 17:07:10 +03:00
parent d71878c59c
commit cc3b56e448
5 changed files with 84 additions and 3 deletions
--- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecurityConfig.java
@ -1,10 +1,10 @@
 package net.shyshkin.study.fullstack.supportportal.backend.config;

 import lombok.RequiredArgsConstructor;
-import net.shyshkin.study.fullstack.supportportal.backend.constant.SecurityConstants;
 import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAccessDeniedHandler;
 import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthenticationEntryPoint;
 import net.shyshkin.study.fullstack.supportportal.backend.filter.JwtAuthorizationFilter;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@ -34,6 +34,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
    private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
    private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;

+    @Value("${app.public-urls}")
+    private String[] publicUrls;
+
    @Override
    protected void configure(HttpSecurity http) throws Exception {

@ -44,7 +47,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        http.authorizeRequests()
-                .antMatchers(SecurityConstants.PUBLIC_URLS).permitAll()
+                .antMatchers(publicUrls).permitAll()
                .anyRequest().authenticated();

        http.exceptionHandling()
--- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/constant/SecurityConstants.java
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/constant/SecurityConstants.java
@ -11,5 +11,4 @@ public class SecurityConstants {
    public static final String FORBIDDEN_MESSAGE = "You need to log in to access this page";
    public static final String ACCESS_DENIED_MESSAGE = "You do not have permission to access this page";
    public static final String OPTIONS_HTTP_METHOD = "OPTIONS";
-    public static final String[] PUBLIC_URLS = { "/user/login", "/user/register", "/user/image/**" };
 }
--- a/support-portal-backend/src/main/resources/application.yml
+++ b/support-portal-backend/src/main/resources/application.yml
@ -11,6 +11,7 @@ spring:
      hibernate:
        dialect: org.hibernate.dialect.MySQL8Dialect
 app:
+  public-urls: /user/login,/user/register,/user/image/**
  jwt:
    secret: VeRy_5ecretP@55W0rd!
 #    secret: ${random.value} #Does not work - every time generates new value