From 6db8242da416e6a56fffc03501a40603f62d35a8 Mon Sep 17 00:00:00 2001 From: Petr Rudichev Date: Wed, 19 Feb 2025 10:54:02 +0300 Subject: [PATCH] feat: added SwaggerConfig and WebSecurityConfig --- .../com/example/nto/config/SwaggerConfig.java | 20 +++++++ .../example/nto/config/WebSecurityConfig.java | 53 +++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 src/main/java/com/example/nto/config/SwaggerConfig.java create mode 100644 src/main/java/com/example/nto/config/WebSecurityConfig.java diff --git a/src/main/java/com/example/nto/config/SwaggerConfig.java b/src/main/java/com/example/nto/config/SwaggerConfig.java new file mode 100644 index 0000000..de997f4 --- /dev/null +++ b/src/main/java/com/example/nto/config/SwaggerConfig.java @@ -0,0 +1,20 @@ +package com.example.nto.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import springfox.documentation.builders.PathSelectors; +import springfox.documentation.builders.RequestHandlerSelectors; +import springfox.documentation.spi.DocumentationType; +import springfox.documentation.spring.web.plugins.Docket; + +@Configuration +public class SwaggerConfig { + @Bean + public Docket api() { + return new Docket(DocumentationType.SWAGGER_2) + .select() + .apis(RequestHandlerSelectors.basePackage("com.example.preparation")) + .paths(PathSelectors.any()) + .build(); + } +} diff --git a/src/main/java/com/example/nto/config/WebSecurityConfig.java b/src/main/java/com/example/nto/config/WebSecurityConfig.java new file mode 100644 index 0000000..350422c --- /dev/null +++ b/src/main/java/com/example/nto/config/WebSecurityConfig.java @@ -0,0 +1,53 @@ +package com.example.nto.config; + +import lombok.RequiredArgsConstructor; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.builders.WebSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; + +@Configuration +@EnableWebSecurity +@RequiredArgsConstructor +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + private final UserDetailsService userDetailsService; + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable() + .authorizeRequests() + .antMatchers("/h2-console/**").permitAll() + .antMatchers("/api/v1/images/**").permitAll() + .antMatchers("/api/v1/volunteers/login").permitAll() + .antMatchers("/api/v1/volunteers/register").permitAll() + + .antMatchers("/api/v1/**").permitAll() + //.antMatchers("/api/v1/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN") + .anyRequest().authenticated() + .and() + .httpBasic() + .and() + .headers().frameOptions().disable(); + } + + @Override + public void configure(WebSecurity web) { + web.ignoring().antMatchers("/api/v1/volunteers/images"); + } +}