Untitled

mail@pastecode.io avatar
unknown
plain_text
12 days ago
1.1 kB
1
Indexable
Never
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private JwtTokenProvider jwtTokenProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.authorizeRequests()
            .antMatchers("/api/images/upload").permitAll() // Allow uploading without authentication
            .anyRequest().authenticated()
            .and()
            .apply(new JwtConfigurer(jwtTokenProvider));
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        // Allow access to certain endpoints without authentication
        web.ignoring().antMatchers("/api/images/upload");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Configure authentication manager, e.g., in-memory or database-based authentication
    }
}
Leave a Comment