/backend/src/main/java/cz/zcu/kiv/backendapi/security/SecurityConfig.java - Komentovat - Zpracování geografických údajů v novoasyrských textech (KBS FF) - Code of Duty - Redmine

| Větev: | Tag: | Revize:

aswi2022code-of-duty-gitlab/backend/src/main/java/cz/zcu/kiv/backendapi/security/SecurityConfig.java @ 16b96e8f

1	e111342b	Jakub Smid	package cz.zcu.kiv.backendapi.security;
2
3			import cz.zcu.kiv.backendapi.security.jwt.JwtTokenVerifier;
4			import cz.zcu.kiv.backendapi.security.jwt.JwtUsernameAndPasswordAuthenticationFilter;
5	c1e7e376	Jakub Šmíd	import cz.zcu.kiv.backendapi.security.jwt.JwtUtils;
6	e111342b	Jakub Smid	import cz.zcu.kiv.backendapi.user.Role;
7	b30f120b	Jakub Smid	import cz.zcu.kiv.backendapi.user.permission.Permission;
8	e111342b	Jakub Smid	import lombok.RequiredArgsConstructor;
9			import org.springframework.context.annotation.Bean;
10			import org.springframework.context.annotation.Configuration;
11	b2af5445	Jakub Šmíd	import org.springframework.http.HttpMethod;
12	e111342b	Jakub Smid	import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
13			import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
14			import org.springframework.security.config.annotation.web.builders.HttpSecurity;
15			import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
16			import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
17			import org.springframework.security.config.http.SessionCreationPolicy;
18			import org.springframework.security.core.userdetails.UserDetailsService;
19			import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
20	fc79a8cb	Vaclav Honzik	import org.springframework.web.cors.CorsConfiguration;
21			import org.springframework.web.cors.CorsConfigurationSource;
22			import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
23	e111342b	Jakub Smid
24	4afeda3d	Jakub Smid	import java.util.HashMap;
25			import java.util.Map;
26
27	e111342b	Jakub Smid	/**
28			* Security config class
29			*/
30			@Configuration
31			@EnableWebSecurity
32			@RequiredArgsConstructor
33			public class SecurityConfig extends WebSecurityConfigurerAdapter {
34	4afeda3d	Jakub Smid
35			/**
36			* Map of permitted endpoints with HTTP method (user does not need to be authenticated perform the request)
37			*/
38			private static final Map<String, HttpMethod> PERMITTED_ENDPOINTS;
39
40	e111342b	Jakub Smid	/**
41			* User detail service
42			*/
43			private final UserDetailsService userDetailsService;
44
45			/**
46			* Password encoder
47			*/
48			private final BCryptPasswordEncoder bCryptPasswordEncoder;
49
50			/**
51			* JWT utils
52			*/
53			private final JwtUtils jwtUtils;
54
55	4afeda3d	Jakub Smid	static {
56			PERMITTED_ENDPOINTS = new HashMap<>();
57			PERMITTED_ENDPOINTS.put("/login", HttpMethod.POST);
58			PERMITTED_ENDPOINTS.put("/users/token", HttpMethod.GET);
59			PERMITTED_ENDPOINTS.put("/swagger-ui/**", HttpMethod.GET);
60			PERMITTED_ENDPOINTS.put("/swagger-ui.html", HttpMethod.GET);
61			PERMITTED_ENDPOINTS.put("/v3/api-docs", HttpMethod.GET);
62			PERMITTED_ENDPOINTS.put("/v3/api-docs/swagger-config", HttpMethod.GET);
63			PERMITTED_ENDPOINTS.put("/catalog-items", HttpMethod.GET);
64			PERMITTED_ENDPOINTS.put("/catalog-items/**", HttpMethod.GET);
65	ff40cb89	Schwobik	PERMITTED_ENDPOINTS.put("/title-page", HttpMethod.GET);
66	bf502b70	Jakub Smid	PERMITTED_ENDPOINTS.put("/sources", HttpMethod.GET);
67	4afeda3d	Jakub Smid	}
68	e111342b	Jakub Smid
69			/**
70			* Security configuration
71			*
72			* @param http http security
73			* @throws Exception exception
74			*/
75	4afeda3d	Jakub Smid	// TODO configure and check rights
76	e111342b	Jakub Smid	@Override
77			protected void configure(HttpSecurity http) throws Exception {
78	fc79a8cb	Vaclav Honzik	http.csrf().disable()
79			.cors()
80			.and()
81	e111342b	Jakub Smid	.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
82			.and()
83	2fb633dc	Jakub Smid	.addFilter(new JwtUsernameAndPasswordAuthenticationFilter(authenticationManager(), jwtUtils))
84	4afeda3d	Jakub Smid	.addFilterAfter(new JwtTokenVerifier(jwtUtils, PERMITTED_ENDPOINTS), JwtUsernameAndPasswordAuthenticationFilter.class)
85	e111342b	Jakub Smid	.authorizeRequests()
86	4afeda3d	Jakub Smid	.antMatchers(HttpMethod.GET, PERMITTED_ENDPOINTS.keySet().stream().filter(k -> PERMITTED_ENDPOINTS.get(k).equals(HttpMethod.GET)).toArray(String[]::new)).permitAll()
87			.antMatchers(HttpMethod.POST, "/login").permitAll()
88	16b96e8f	Jakub Smid	.antMatchers(HttpMethod.POST, "/external-catalog-items").hasRole(Role.ADMIN.name())
89	4afeda3d	Jakub Smid	.antMatchers(HttpMethod.PATCH, "/users//permissions", "/users//password").hasRole(Role.ADMIN.name())
90			.antMatchers(HttpMethod.DELETE, "/users/**").hasRole(Role.ADMIN.name())
91			.antMatchers(HttpMethod.GET, "/users").hasRole(Role.ADMIN.name())
92	16b96e8f	Jakub Smid	.antMatchers(HttpMethod.GET, "/path", "/external-catalog-items").hasAuthority(Permission.READ.name())
93	4afeda3d	Jakub Smid	.antMatchers(HttpMethod.POST, "/catalog-items").hasAuthority(Permission.WRITE.name())
94			.antMatchers(HttpMethod.PUT, "/catalog-items/*").hasAuthority(Permission.WRITE.name())
95			.antMatchers(HttpMethod.DELETE, "/catalog-items/*").hasAuthority(Permission.DELETE.name())
96	bf502b70	Jakub Smid	.antMatchers(HttpMethod.POST, "/title-page", "/sources").hasRole(Role.ADMIN.name())
97	e111342b	Jakub Smid	.anyRequest()
98	2fb633dc	Jakub Smid	.authenticated();
99	e111342b	Jakub Smid	}
100
101			/**
102			* Sets authentication provider to authentication manager
103			*
104			* @param auth authentication manager builder
105			*/
106			@Override
107			protected void configure(final AuthenticationManagerBuilder auth) {
108			auth.authenticationProvider(authenticationProvider());
109			}
110
111
112			/**
113			* Returns authentication provider
114			*
115			* @return authentication provider
116			*/
117			@Bean
118			public DaoAuthenticationProvider authenticationProvider() {
119			final DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
120			provider.setUserDetailsService(userDetailsService);
121			provider.setPasswordEncoder(bCryptPasswordEncoder);
122			return provider;
123			}
124	fc79a8cb	Vaclav Honzik
125			@Bean
126			CorsConfigurationSource corsConfigurationSource() {
127			final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
128			source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
129			return source;
130			}
131	e111342b	Jakub Smid	}

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2022 » Zpracování geografických údajů v novoasyrských textech (KBS FF) - Code of Duty