package com.fa.cfg;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import com.fa.controller.CustomAuthenticationSuccessHandler;
import com.fa.services.impls.CustomizeUserDetailsService;
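/**
 * Central Spring Security configuration: password hashing, form login with an
 * e-mail username, remember-me, logout, per-URL authorization rules and the
 * access-denied redirect.
 *
 * <p>Authorization rules inside {@link #filterChain} are evaluated top to bottom
 * and the first {@code requestMatchers(...)} entry that matches a request decides
 * the outcome, so a broad pattern listed early shadows every narrower rule for
 * the same paths that follows it.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    // Project-provided UserDetailsService; used for form login and remember-me.
    private final CustomizeUserDetailsService customizeUserDetailsService;
    // Project-provided handler run after a successful form login.
    private final CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;

    /**
     * Constructor injection of the two collaborators this configuration wires into
     * the filter chain.
     *
     * @param customizeUserDetailsService loads users for authentication and remember-me
     * @param customAuthenticationSuccessHandler invoked after a successful login
     */
    public WebSecurityConfig(CustomizeUserDetailsService customizeUserDetailsService,
                             CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler) {
        this.customizeUserDetailsService = customizeUserDetailsService;
        this.customAuthenticationSuccessHandler = customAuthenticationSuccessHandler;
    }

    /**
     * Password encoder bean. BCrypt is a salted, adaptive hash, which is what stored
     * passwords should be verified against.
     *
     * @return a {@link BCryptPasswordEncoder} with the default strength
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers the custom {@link CustomizeUserDetailsService} and the BCrypt encoder
     * on an {@link AuthenticationManagerBuilder}.
     *
     * <p>NOTE(review): nothing in this file calls this method and it carries no
     * {@code @Autowired}, so it may never be invoked by Spring; authentication would
     * then rely on the framework picking up the single {@code UserDetailsService} and
     * {@code PasswordEncoder} beans on its own. Confirm against the running
     * application before wiring or removing it.
     *
     * @param managerBuilder the builder to configure
     * @throws Exception propagated from the builder API
     */
    public void configureGlobal(AuthenticationManagerBuilder managerBuilder) throws Exception {
        managerBuilder.userDetailsService(customizeUserDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Builds the single {@link SecurityFilterChain}: CSRF off, form login, remember-me,
     * logout, ordered URL authorization rules and a redirecting access-denied handler.
     *
     * @param http the {@link HttpSecurity} supplied by Spring Security
     * @return the built filter chain
     * @throws Exception propagated from the {@link HttpSecurity} DSL
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is disabled for the whole application, including
        // the browser form login and the role-protected admin forms below. If those are
        // served to browsers, leave CSRF enabled and include the token in the server-
        // rendered forms; if only the stateless "/api/**" paths need an exemption, scope
        // it with csrf.ignoringRequestMatchers(...) instead of disabling it globally.
        http.csrf(csrf -> csrf.disable());

        // Form login: the username field is the e-mail address; success is delegated to
        // the project handler, failure returns to the login page with ?error.
        http.formLogin(login -> login
                .loginPage("/login")
                .usernameParameter("email")
                .loginProcessingUrl("/loginProcess")
                .successHandler(customAuthenticationSuccessHandler)
                .failureUrl("/login?error"));

        // Remember-me cookies are resolved through the same user store (lambda DSL,
        // consistent with the other configurers in this method).
        http.rememberMe(rememberMe -> rememberMe.userDetailsService(customizeUserDetailsService));

        http.logout(logout -> logout.logoutUrl("/logout").logoutSuccessUrl("/login?logout"));

        // Authorization. First match wins, so narrow role-restricted patterns must sit
        // above any broad pattern covering the same paths.
        http.authorizeHttpRequests(auth -> auth
                // Public resources and pages.
                // NOTE(review): "/home/**" is permitted here, which makes the
                // hasAnyRole(...) rule for "/home/**" further down unreachable; keep
                // either this public entry or that role rule, not both. "/api/**" is
                // also fully public here; confirm that is intended. "/login?logout" is a
                // path pattern, not a query string, so it never matches the logout
                // redirect target (the "/login" entry already covers it).
                .requestMatchers("/assets/**", "/onedriver/**", "/temp/**", "/templates", "/home/**", "/login", "/",
                        "/api/**", "/tms/**", "/search/**", "/fa/**", "/login?logout")
                .permitAll()
                .requestMatchers("/dashboard/**")
                .hasAnyRole("FA_MANAGER", "SUPER_ADMIN", "BUSINESS_ADMIN", "CLASS_ADMIN", "DELIVERY_MANAGER")
                // Shadowed by the permitAll entry above; see the NOTE(review) there.
                .requestMatchers("/home/**").hasAnyRole("TRAINEE", "SUPER_ADMIN", "BUSINESS_ADMIN")
                .requestMatchers("/superadmin/**").hasAnyRole("SUPER_ADMIN", "BUSINESS_ADMIN")
                .requestMatchers("/customer/**")
                .hasRole("CUSTOMER")
                .requestMatchers("/admin/course/create", "/admin/course/save", "/admin/course/update", "/admin/course/update/**")
                .hasAnyRole("SUPER_ADMIN", "BUSINESS_ADMIN")
                .requestMatchers("/calendar/create/**")
                .hasAnyRole("CLASS_ADMIN", "DELIVERY_MANAGER")
                .requestMatchers("/calendar/detail/**")
                .hasAnyRole("CLASS_ADMIN", "DELIVERY_MANAGER", "TRAINEE", "TRAINER", "SUPER_ADMIN")
                .requestMatchers("/calendar/view/all")
                .hasAnyRole("TRAINEE", "TRAINER")
                .requestMatchers("/admin/group/listGroup", "/admin/group/detail/**")
                .hasAnyRole("SUPER_ADMIN", "CUSTOMER", "TRAINEE", "TRAINER", "CLASS_ADMIN", "DELIVERY_MANAGER", "FA_MANAGER")
                // Approve/reject must precede the broad "/admin/group/**" rule below.
                .requestMatchers("/admin/group/approve/**", "/admin/group/reject/**")
                .hasAnyRole("FA_MANAGER")
                .requestMatchers("/admin/group/**")
                .hasAnyRole("SUPER_ADMIN", "DELIVERY_MANAGER", "CLASS_ADMIN")
                .requestMatchers("/admin/LearningPath/update", "/admin/LearningPath/create", "/admin/site/list",
                        "/admin/category/list", "/admin/skill/list")
                .hasAnyRole("SUPER_ADMIN", "BUSINESS_ADMIN")
                .requestMatchers("/admin/attendeeType/attendeeList", "/admin/traineeManage/detailTrainee/**",
                        "/admin/attendeeType/save", "/admin/attendeeType/edit")
                .hasAnyRole("SUPER_ADMIN", "BUSINESS_ADMIN", "DELIVERY_MANAGER", "CLASS_ADMIN")
                .requestMatchers("/admin/trainerManage/trainerList", "/admin/trainerManage/save", "/admin/trainerManage/update",
                        "/admin/trainerManage/importTrainers")
                .hasAnyRole("SUPER_ADMIN", "BUSINESS_ADMIN")
                .requestMatchers("/admin/traineeManage/traineeList", "/admin/traineeManage/update")
                .hasAnyRole("DELIVERY_MANAGER", "CLASS_ADMIN")
                // Everything not listed above requires a logged-in user.
                .anyRequest().authenticated());

        // Access denied: a logged-in user is sent to the custom error page, anyone else
        // to the login page. The redirect is prefixed with the servlet context path so
        // the configuration also works when the application is not deployed at "/".
        // NOTE(review): the "/login" branch is likely rare, because unauthenticated
        // requests are normally routed to the authentication entry point rather than
        // to this handler; confirm before relying on it.
        http.exceptionHandling(handling -> handling
                .accessDeniedHandler((request, response, accessDeniedException) -> {
                    String target = request.getUserPrincipal() != null ? "/accessDenied" : "/login";
                    response.sendRedirect(request.getContextPath() + target);
                }));

        return http.build();
    }
}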