package com.infusers.core.security.common;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import com.infusers.core.user.util.UserUtility;
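/**
 * Spring Security configuration for the HTTP layer.
 *
 * <p>Builds a stateless filter chain: requests matching {@link #AUTH_WHITELIST} are served
 * without authentication, every other request must be authenticated. The project filters
 * {@code AuthenticationFilter} and {@code AuthorizationFilter} are registered in the chain and
 * {@code InfusersAuthenticationEntryPoint} handles requests that require authentication but
 * carry none.
 *
 * <p>Collaborators are injected once through the constructor and kept in {@code final} fields;
 * the previous mix of field injection and constructor injection assigned them twice.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration {

    private final ApplicationContext applicationContext;
    private final UserUtility userUtility;
    private final ApplicationEventPublisher eventPublisher;

    /**
     * Request patterns served to anonymous callers ({@code permitAll}).
     *
     * <p>Every entry here bypasses authentication, so the list should stay as small as the
     * deployment allows. Entries that deserve a second look are marked below.
     */
    private static final String[] AUTH_WHITELIST = {
            // API documentation (Swagger 2 / OpenAPI 3 / Swagger UI). Publishes the full API
            // surface to anonymous callers.
            // NOTE(review): consider restricting these outside development builds.
            "/v2/api-docs",
            "/api/v2/api-docs",
            "/swagger-resources",
            "/swagger-resources/**",
            "/configuration/ui",
            "/configuration/security",
            "/v3/api-docs/**",
            "/v3/api-docs/",
            "/v3/api-docs",
            "/swagger-ui/**",
            "/swagger-ui/",
            "/swagger-ui",
            "/swagger-ui.html",
            // WebSocket endpoints. The handshake is anonymous here.
            // NOTE(review): confirm authentication is enforced at the messaging layer.
            "/infusers/ws/hello",
            "/infusers/ws/topic/greetings",
            "/ws",
            "/ws/**",
            // NOTE(review): database console path. Only the exact path is matched (no "/**").
            // Whether the console is enabled is decided by configuration not visible here;
            // it should stay disabled in production.
            "/h2-console",
            // Login, OAuth2, verification and sign-up flows that must be reachable before
            // a caller has credentials.
            "/infusers/user/login/social",
            "/oauth2/**",
            "/verify/**",
            "/infusers/user/verify",
            "/api/auth/**",
            "/infusers/api/version",
            "/infusers/quotes/**",
            "/infusers/platform/**",
            "/infusers/api/cloud-provider",
            // NOTE(review): every actuator endpoint is anonymous. What is actually reachable
            // depends on management.endpoints.web.exposure.include (not visible here); prefer
            // permitting only the health/info endpoints and authenticating the rest.
            "/actuator/**",
            "/actuator/",
            "/actuator",
            // NOTE(review): judging by the path names these return dependency / build
            // metadata, which helps an anonymous caller fingerprint library versions.
            // Confirm they need to be public.
            "/infusers/api/audit-spring-boot-dependencies",
            "/infusers/eng/insight-3p-lib",
            "/infusers/eng/insight-pom-file",
            "/infusers/sse/active-stats-stream",
            "/infusers/sse/active-requests-count",
            "/infusers/user/signup",
            "/webjars/**" };

    /**
     * Creates the configuration with its collaborators.
     *
     * @param ctx            application context handed to {@code AuthenticationFilter}
     * @param userUtility    user helper handed to both project filters
     * @param eventPublisher event publisher handed to {@code AuthenticationFilter}
     */
    @Autowired
    public WebSecurityConfiguration(ApplicationContext ctx, UserUtility userUtility, ApplicationEventPublisher eventPublisher) {
        this.applicationContext = ctx;
        this.userUtility = userUtility;
        this.eventPublisher = eventPublisher;
    }

    /**
     * Builds the application's {@link SecurityFilterChain}.
     *
     * @param httpSecurity          the builder supplied by Spring Security
     * @param authenticationManager the {@link AuthenticationManager} bean, passed to both
     *                              project filters
     * @return the built filter chain
     * @throws Exception if the chain cannot be configured or built
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity, AuthenticationManager authenticationManager) throws Exception {
        httpSecurity
                // Default CORS handling: the allowed origins/methods come from CORS
                // configuration defined elsewhere in the application, not from this class.
                .cors(Customizer.withDefaults())
                // CSRF protection is off. That is only safe when credentials are never attached
                // automatically by the browser (cookies, HTTP Basic).
                // NOTE(review): confirm AuthorizationFilter reads an explicit header token.
                .csrf(csrf -> csrf.disable())
                .authorizeHttpRequests(authz -> authz
                        .requestMatchers(AUTH_WHITELIST).permitAll()
                        // Deny-by-default for everything not listed above.
                        .anyRequest().authenticated()
                )
                // Use the injected bean rather than calling authenticationManager(httpSecurity)
                // again: a direct call only works because @Configuration proxies @Bean methods;
                // without the proxy the builder would be built a second time and fail.
                .addFilter(new AuthenticationFilter(authenticationManager, this.applicationContext, this.userUtility, this.eventPublisher))
                .addFilterAfter(new AuthorizationFilter(authenticationManager, this.userUtility), UsernamePasswordAuthenticationFilter.class)
                // No HTTP session is created or used; each request must authenticate itself.
                .sessionManagement(session -> session
                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                )
                .exceptionHandling(handling -> handling
                        .authenticationEntryPoint(new InfusersAuthenticationEntryPoint())
                );
        return httpSecurity.build();
    }

    /**
     * Exposes the {@link AuthenticationManager} built from the shared
     * {@link AuthenticationManagerBuilder} of the given {@link HttpSecurity}.
     *
     * <p>The builder can be built only once, so other code should take this bean as a
     * parameter instead of invoking this method directly.
     *
     * @param httpSecurity the builder whose shared {@link AuthenticationManagerBuilder} is used
     * @return the built authentication manager
     * @throws Exception if the manager cannot be built
     */
    @Bean
    public AuthenticationManager authenticationManager(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity.getSharedObject(AuthenticationManagerBuilder.class)
                .build();
    }
}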