A1pha/inverse-back
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
inverse-back/src/main/java/com/example/nto/config/WebSecurityConfig.java

65 lines
2.5 KiB
Java
Raw Blame History

package com.example.nto.config;
import com.example.nto.service.EmployeeService;
import lombok.RequiredArgsConstructor;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.support.ErrorPageFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import javax.servlet.Filter;
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final UserDetailsService userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/h2-console/**").permitAll()
.antMatchers("/api/employees/register").permitAll()
.antMatchers("/api/employees/{login}").permitAll()
.antMatchers("/api/employees/paginated").permitAll()
.antMatchers("/api/employees/unoccupied").permitAll()
.antMatchers("/api/authority/").permitAll()
.antMatchers("/api/employees/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
.antMatchers("/api/employees/login").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.headers().frameOptions().disable();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public ErrorPageFilter errorPageFilter() {
return new ErrorPageFilter();
}
}
Reference in New Issue View Git Blame Copy Permalink