foundation.cmo.api.mls.graphql.security.MHttpSecurityConfig Maven / Gradle / Ivy
package foundation.cmo.api.mls.graphql.security;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;
import foundation.cmo.api.mls.graphql.security.services.IMUserDetails;
import foundation.cmo.api.mls.graphql.security.services.JwtService;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
@Slf4j
@Configuration
@RequiredArgsConstructor
public class MHttpSecurityConfig {
private final OncePerRequestFilter jwtAuthFilter = getJwtAuthFilter();
@Autowired
private JwtService jwtService;
@Autowired
private IMUserDetails userDetails;
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
log.info("--------------");
return http.cors(cors -> cors.disable()).csrf(csrf -> csrf.disable())
.sessionManagement(custom -> custom.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authenticationProvider(getAuthenticationProvider)
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
.authorizeHttpRequests(auth -> {
auth.regexMatchers(HttpMethod.GET, "/gui", "/graphql").permitAll();
// auth.regexMatchers(HttpMethod.POST, "/graphql2").hasAuthority("USER");
auth.regexMatchers(HttpMethod.POST, "/graphql").permitAll();
// auth.regexMatchers(HttpMethod.POST, "/graphql").permitAll();
auth.anyRequest().authenticated();
}).build();
}
private OncePerRequestFilter getJwtAuthFilter() {
return new OncePerRequestFilter() {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
final String AUTHORIZATION = "Authorization";
final String BEARER = "Bearer";
final String authorizationHeader = request.getHeader(AUTHORIZATION);
if (authorizationHeader == null || !authorizationHeader.startsWith(BEARER)) {
filterChain.doFilter(request, response);
return;
}
final String token = authorizationHeader.replace(BEARER, "").trim();
final String username;
try {
} catch (Exception e) {
log.error(e.getMessage());
}
// username = jwtService.extractUsername(token);
//
// if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
// MUserDetails user = MUserDetails.to(userDetails.getUserFromUsername(username));
// if (jwtService.isTokenValid(token, user)) {
// Date expiration = jwtService.extractExpiration(token);
// user.getUser().setAccessValidUntil(expiration);
//
// UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
// user, null, user.getAuthorities());
// authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
// SecurityContextHolder.getContext().setAuthentication(authenticationToken);
// }
// }
filterChain.doFilter(request, response);
}
};
}
private AuthenticationProvider getAuthenticationProvider = new AuthenticationProvider() {
@Override
public boolean supports(Class authentication) {
return true;
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
return null;
}
};
}