Untitled
unknown
java
a year ago
5.0 kB
9
Indexable
package com.volunnear.config;
//import com.volunnear.security.jwt.JwtTokenFilter; TODO
import com.volunnear.Routes;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;
import java.util.stream.Stream;
@Slf4j
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.authorizeHttpRequests(configurer -> configurer
.requestMatchers(Routes.REGISTER_ROUTE_SECURITY + "/**",
Routes.LOGIN).permitAll()
.requestMatchers(Routes.SWAGGER_ENDPOINTS).permitAll()
.requestMatchers("/test/check-status").hasRole("VOLUNTEER") //TODO: only for tests, delete in production
.requestMatchers(Routes.VOLUNTEER + "/**",
Routes.UPDATE_VOLUNTEER_PROFILE,
Routes.POST_FEEDBACK_ABOUT_ORGANISATION,
Routes.UPDATE_FEEDBACK_FOR_CURRENT_ORGANISATION,
Routes.DELETE_FEEDBACK_ABOUT_ORGANISATION,
Routes.LOCATION + "/**",
Routes.NOTIFICATIONS + "/**").hasRole("VOLUNTEER")
.requestMatchers(Routes.UPDATE_ORGANISATION_PROFILE,
Routes.ADD_ACTIVITY,
Routes.GET_MY_ACTIVITIES,
Routes.UPDATE_ACTIVITY_INFORMATION,
Routes.DELETE_CURRENT_ACTIVITY_BY_ID,
Routes.GET_ORGANISATION_PROFILE,
Routes.ADD_COMMUNITY_LINK,
Routes.ADD_CHAT_LINK_FOR_ACTIVITY).hasRole("ORGANISATION")
.requestMatchers("/api/hello",
Routes.GET_ALL_ORGANISATIONS,
Routes.ACTIVITY_CURRENT_ORGANISATION,
Routes.GET_ALL_ACTIVITIES_WITH_ALL_ORGANISATIONS,
Routes.GET_FEEDBACKS_OF_ALL_ORGANISATIONS,
Routes.GET_FEEDBACKS_FROM_CURRENT_ORGANISATION,
Routes.GET_CHAT_LINK_BY_ACTIVITY,
Routes.GET_COMMUNITY_LINK_BY_ORGANISATION)
.hasAnyRole("VOLUNTEER", "ORGANISATION")
.requestMatchers("/ws/**", "stomp").permitAll()
.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.anyRequest().authenticated())
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.csrf(CsrfConfigurer::disable)
.oauth2ResourceServer(configurer -> configurer.jwt(
jwt -> {
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
jwtAuthenticationConverter.setPrincipalClaimName("preferred_username");
jwt.jwtAuthenticationConverter(jwtAuthenticationConverter);
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
KeycloakJwtGrantedAuthoritiesConvertor customJwtGrantedAuthoritiesConverter = new KeycloakJwtGrantedAuthoritiesConvertor();
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(token ->
Stream
.concat(
jwtGrantedAuthoritiesConverter.convert(token).stream(),
customJwtGrantedAuthoritiesConverter.convert(token).stream()
).toList());
}))
.build();
}
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
}
Editor is loading...
Leave a Comment