package com.infusers.core.security.common;
import java.util.Arrays;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
/**
 * Declares the application's HTTP security filter chain and publishes the
 * {@link AuthenticationManager} bean.
 *
 * <p>Every request must be authenticated unless its path matches an entry in
 * {@link #AUTH_WHITELIST}. CSRF protection is disabled and the session policy is
 * {@link SessionCreationPolicy#STATELESS}.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration {

    /**
     * Ant-style path patterns that this chain serves with {@code permitAll()},
     * i.e. without requiring an authenticated caller.
     *
     * <p>NOTE(review): each entry is reachable anonymously as far as this filter
     * chain is concerned, so the list should be the minimum the deployment needs.
     */
    private static final String[] AUTH_WHITELIST = {
        // API documentation (Swagger / OpenAPI) endpoints.
        // NOTE(review): these describe the whole API surface to anonymous callers;
        // confirm that is intended outside development environments.
        "/v2/api-docs",
        "/api/v2/api-docs",
        "/swagger-resources",
        "/swagger-resources/**",
        "/configuration/ui",
        "/configuration/security",
        "/v3/api-docs/**",
        "/v3/api-docs/",
        "/v3/api-docs",
        "/swagger-ui/**",
        "/swagger-ui/",
        "/swagger-ui",
        "/swagger-ui.html",
        // WebSocket-related paths.
        "/infusers/ws/hello",
        "/infusers/ws/topic/greetings",
        "/ws",
        "/ws/**",
        // NOTE(review): only the exact path is listed (no "/**"). If the H2 web
        // console is enabled it is a database administration UI and should not be
        // anonymously reachable in production - confirm it is disabled there.
        "/h2-console",
        // Login, OAuth2, verification and auth endpoints that must be callable
        // before a caller holds credentials.
        "/infusers/user/login/social",
        "/oauth2/**",
        "/verify/**",
        "/infusers/user/verify",
        "/api/auth/**",
        "/infusers/api/version",
        "/infusers/api/cloud-provider",
        // NOTE(review): every path under /actuator is permitted without
        // authentication by this chain. Which actuator endpoints are actually
        // exposed is decided by configuration not visible here; verify that only
        // non-sensitive ones (e.g. health) are exposed over HTTP.
        "/actuator/**",
        "/actuator/",
        "/actuator",
        // NOTE(review): presumably reports the application's dependency versions;
        // confirm anonymous access is intended.
        "/infusers/api/audit-spring-boot-dependencies",
        "/infusers/user/signup",
        "/webjars/**"
    };

    private final AuthenticationConfiguration authenticationConfiguration;
    private final ApplicationContext applicationContext;

    /**
     * Stores the collaborators needed later to build the filter chain.
     *
     * @param authenticationConfiguration source of the {@link AuthenticationManager}
     * @param ctx application context handed to {@code AuthenticationFilter}
     */
    public WebSecurityConfiguration(AuthenticationConfiguration authenticationConfiguration, ApplicationContext ctx) {
        this.applicationContext = ctx;
        this.authenticationConfiguration = authenticationConfiguration;
    }

    /**
     * Builds the {@link SecurityFilterChain} for the application.
     *
     * @param httpSecurity builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the configuration cannot be applied or built
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        // CORS is enabled with whatever CORS configuration the application provides
        // elsewhere; CSRF protection is switched off.
        // NOTE(review): disabling CSRF is only appropriate when credentials are not
        // attached automatically by the browser (e.g. cookies) - confirm how the
        // project filters below receive the caller's credentials.
        httpSecurity.cors().and().csrf().disable();

        // Whitelisted paths are open; everything else needs an authenticated caller.
        // Explicit AntPathRequestMatcher instances are passed instead of the String
        // overload of requestMatchers, so matching is always Ant-style.
        httpSecurity
                .authorizeHttpRequests()
                .requestMatchers(whitelistMatchers()).permitAll()
                .anyRequest().authenticated();

        // Project-defined filters (declared elsewhere) that perform authentication
        // and authorization using the shared AuthenticationManager.
        httpSecurity.addFilter(
                new AuthenticationFilter(authenticationManager(authenticationConfiguration), this.applicationContext));
        httpSecurity.addFilter(
                new AuthorizationFilter(authenticationManager(authenticationConfiguration)));

        // STATELESS: Spring Security neither creates nor uses an HttpSession.
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Unauthenticated access to a protected resource is answered by the
        // project's own entry point.
        httpSecurity.exceptionHandling().authenticationEntryPoint(new InfusersAuthenticationEntryPoint());

        return httpSecurity.build();
    }

    /**
     * Exposes the {@link AuthenticationManager} held by the given configuration as a bean.
     *
     * @param authConfiguration configuration to read the manager from
     * @return the authentication manager
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfiguration) throws Exception {
        return authConfiguration.getAuthenticationManager();
    }

    /** Wraps each {@link #AUTH_WHITELIST} pattern in an {@link AntPathRequestMatcher}, preserving order. */
    private static AntPathRequestMatcher[] whitelistMatchers() {
        AntPathRequestMatcher[] matchers = new AntPathRequestMatcher[AUTH_WHITELIST.length];
        for (int i = 0; i < AUTH_WHITELIST.length; i++) {
            matchers[i] = new AntPathRequestMatcher(AUTH_WHITELIST[i]);
        }
        return matchers;
    }
}