Untitled
unknown
plain_text
a year ago
8.9 kB
15
Indexable
package com.nbt1997.be_genstar.core.configuration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.nbt1997.be_genstar.core.component.JwtTokenUtils;
import com.nbt1997.be_genstar.core.component.Localization;
import com.nbt1997.be_genstar.module.admin.constant.AdminConstant;
import com.nbt1997.be_genstar.module.kol.constant.KolConstant;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import lombok.AccessLevel;
import lombok.RequiredArgsConstructor;
import lombok.experimental.FieldDefaults;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.cors.CorsConfigurationSource;
@Slf4j
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
@RequiredArgsConstructor
//@EnableGlobalMethodSecurity(prePostEnabled = true)
@FieldDefaults(level = AccessLevel.PRIVATE, makeFinal = true)
public class SecurityConfig {
ObjectMapper objectMapper;
RSAKeyRecord rsaKeyRecord;
JwtTokenUtils jwtTokenUtils;
Localization localization;
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*")); // Allow all origins
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")); // Allow all methods
configuration.setAllowedHeaders(Arrays.asList("*")); // Allow all headers
configuration.setExposedHeaders(Arrays.asList("Authorization")); // Expose Authorization header
configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/**").permitAll()
)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.build();
}
@Order(1)
@Bean
public SecurityFilterChain swaggerSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
return httpSecurity
.securityMatchers((matchers) -> matchers
.requestMatchers("/v3/api-docs/**", // Swagger v3 docs endpoint
"/swagger-ui/**", // Swagger UI path
"/swagger-ui.html", // Swagger UI HTML page
"/swagger-resources/**",
"/webjars/**")
)
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
.exceptionHandling(ex -> {
log.error("[SecurityConfig:swaggerSecurityFilterChain] Exception due to :{}",ex);
})
.build();
}
@Order(2)
@Bean
public SecurityFilterChain publicKolSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
return httpSecurity
.securityMatchers((matchers) -> matchers
.requestMatchers(KolConstant.API.AUTH + KolConstant.API.LOGIN + "/**",
KolConstant.API.AUTH + KolConstant.API.REGISTER + "/**")
)
.cors(AbstractHttpConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
.exceptionHandling(ex -> {
log.error("[SecurityConfig:publicKolSecurityFilterChain] Exception due to :{}",ex);
})
.build();
}
@Order(3)
@Bean
public SecurityFilterChain publicAdminSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
return httpSecurity
.securityMatchers((matchers) -> matchers
.requestMatchers(AdminConstant.API.LOGIN + AdminConstant.API.LOGIN + "/**")
)
.cors(AbstractHttpConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
.exceptionHandling(ex -> {
log.error("[SecurityConfig:publicAdminSecurityFilterChain] Exception due to :{}",ex);
})
.build();
}
// @Order(1)
// @Bean
// public SecurityFilterChain signInSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
// return httpSecurity
// .securityMatcher(new AntPathRequestMatcher(AUTH.PREFIX + AUTH.SIGN_IN + "/**"))
// .csrf(AbstractHttpConfigurer::disable)
// .authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
// .exceptionHandling(ex -> {
// log.error("[SecurityConfig:signInSecurityFilterChain] Exception due to :{}",ex);
// })
// .build();
// }
// @Order(2)
// @Bean
// public SecurityFilterChain apiSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
// return httpSecurity
// .securityMatcher(new AntPathRequestMatcher("/api/**"))
// .csrf(AbstractHttpConfigurer::disable)
// .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
// .oauth2ResourceServer(oauth2 -> oauth2.jwt(withDefaults()))
// .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
// .addFilterBefore(new JwtAccessTokenFilter(objectMapper, rsaKeyRecord, jwtTokenUtils, localizationUtils), UsernamePasswordAuthenticationFilter.class)
// .exceptionHandling(ex -> {
// log.error("[SecurityConfig:apiSecurityFilterChain] Exception due to :{}",ex);
// ex.authenticationEntryPoint(new BearerTokenAuthenticationEntryPoint());
// ex.accessDeniedHandler(new BearerTokenAccessDeniedHandler());
// })
// .httpBasic(withDefaults())
// .build();
// }
//
// @Order(3)
// @Bean
// public SecurityFilterChain refreshTokenSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
// return httpSecurity
// .securityMatcher(new AntPathRequestMatcher(AUTH.PREFIX + AUTH.REFRESH_TOKEN + "/**"))
// .csrf(AbstractHttpConfigurer::disable)
// .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
// .oauth2ResourceServer(oauth2 -> oauth2.jwt(withDefaults()))
// .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
// .addFilterBefore(new JwtRefreshTokenFilter(rsaKeyRecord, jwtTokenUtils, refreshTokenRepository), UsernamePasswordAuthenticationFilter.class)
// .exceptionHandling(ex -> {
// log.error("[SecurityConfig:refreshTokenSecurityFilterChain] Exception due to :{}",ex);
// ex.authenticationEntryPoint(new BearerTokenAuthenticationEntryPoint());
// ex.accessDeniedHandler(new BearerTokenAccessDeniedHandler());
// })
// .httpBasic(withDefaults())
// .build();
// }
@Bean
PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
JwtDecoder jwtDecoder(){
return NimbusJwtDecoder.withPublicKey(rsaKeyRecord.rsaPublicKey()).build();
}
@Bean
JwtEncoder jwtEncoder(){
JWK jwk = new RSAKey.Builder(rsaKeyRecord.rsaPublicKey()).privateKey(rsaKeyRecord.rsaPrivateKey()).build();
JWKSource<SecurityContext> jwkSource = new ImmutableJWKSet<>(new JWKSet(jwk));
return new NimbusJwtEncoder(jwkSource);
}
@Bean
JwtAuthenticationConverter jwtAuthenticationConverter() {
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverter);
return jwtAuthenticationConverter;
}
}
Editor is loading...
Leave a Comment