diff --git a/pom.xml b/pom.xml
index 659438d..8b89630 100644
--- a/pom.xml
+++ b/pom.xml
@@ -84,6 +84,11 @@
spring-security-web
6.1.5
+
+ org.springframework.boot
+ spring-boot-starter-oauth2-client
+
+
diff --git a/src/main/java/com/faf223/expensetrackerfaf/config/JwtAuthenticationFilter.java b/src/main/java/com/faf223/expensetrackerfaf/config/JwtAuthenticationFilter.java
index 9d710a2..4485ea6 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/config/JwtAuthenticationFilter.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/config/JwtAuthenticationFilter.java
@@ -31,7 +31,8 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
@NonNull HttpServletResponse response,
@NonNull FilterChain filterChain
) throws ServletException, IOException {
- if (request.getServletPath().contains("/api/v1/auth")) {
+ if (request.getServletPath().contains("/api/v1/auth") || request.getServletPath().contains("/github")) {
+ System.out.println("hi");
filterChain.doFilter(request, response);
return;
}
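Review bot: The added `contains("/github")` test skips this filter for any servlet path that has `/github` anywhere in it, which is wider than the exact `/github` matcher that SecurityConfiguration permits. If the aim is to let the OAuth2 login endpoints through, match them explicitly, for example `path.equals("/github") || path.startsWith("/oauth2/authorization/") || path.startsWith("/login/oauth2/code/")`, and read `getServletPath()` once into a local. The existing `contains("/api/v1/auth")` check has the same substring weakness and would be better as a `startsWith`. The `System.out.println("hi");` line is debug output and should be removed, or replaced with a debug-level logger call if the bypass is worth tracing. The method body continues outside this hunk, so how the filter treats a request without a token is not visible here.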
diff --git a/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java b/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
index 6c09c65..094284d 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
@@ -1,6 +1,5 @@
package com.faf223.expensetrackerfaf.config;
-import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
@@ -10,6 +9,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
@@ -20,12 +20,20 @@ import java.util.Arrays;
@Configuration
@EnableWebSecurity
-@RequiredArgsConstructor
@EnableMethodSecurity
public class SecurityConfiguration {
private final JwtAuthenticationFilter jwtAuthFilter;
private final AuthenticationProvider authenticationProvider;
+ private final ClientRegistrationRepository clientRegistrationRepository;
+
+ public SecurityConfiguration(JwtAuthenticationFilter jwtAuthFilter,
+ AuthenticationProvider authenticationProvider,
+ ClientRegistrationRepository clientRegistrationRepository) {
+ this.jwtAuthFilter = jwtAuthFilter;
+ this.authenticationProvider = authenticationProvider;
+ this.clientRegistrationRepository = clientRegistrationRepository;
+ }
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
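Review bot: The new `clientRegistrationRepository` field is assigned in the constructor but not read in any visible hunk, and `oauth2Login(Customizer.withDefaults())` presumably resolves the repository bean from the application context on its own. Unless the unseen part of the class uses it, drop the field and the parameter. In that case the hand-written constructor adds nothing over the removed `@RequiredArgsConstructor`, which could be kept. If the field stays, add a short comment such as `// used by <method> to build the GitHub authorization request` so the dependency is explained.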
@@ -33,9 +41,10 @@ public class SecurityConfiguration {
.cors(Customizer.withDefaults())
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth
- .requestMatchers("/api/v1/auth/**").permitAll()
+ .requestMatchers("/api/v1/auth/**", "/github").permitAll()
.anyRequest().authenticated()
)
+ .oauth2Login(Customizer.withDefaults())
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authenticationProvider(authenticationProvider)
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class); // will be executed before UsernamePasswordAuthenticationFilter
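Review bot: `.oauth2Login(Customizer.withDefaults())` is combined with `SessionCreationPolicy.STATELESS`, and nothing in this hunk turns a successful GitHub login into the application's JWT. By default the OAuth2 authorization request (including the `state` value) is kept in the HTTP session, and the resulting authentication is not persisted under a stateless policy, so the next request after the callback would most likely be unauthenticated again. Consider a success handler that issues the token, e.g. `.oauth2Login(o -> o.successHandler(jwtIssuingSuccessHandler))`, where `jwtIssuingSuccessHandler` is a placeholder name. Also decide deliberately where the authorization request is stored. Adding `oauth2Login` can also change the response to unauthenticated API calls from an error status to a redirect to the login flow, so it is worth confirming that clients with a missing or expired token still receive a 401.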
@@ -54,4 +63,8 @@ public class SecurityConfiguration {
return source;
}
+// @Bean
+// public OAuth2UserService oAuth2UserService() {
+// return new DefaultOAuth2UserService();
+// }
}
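Review bot: The commented-out `oAuth2UserService` bean at the end of the class is dead code and should not be committed. Either delete the four lines, or enable the bean if custom user mapping is needed. If it is kept as a reminder, replace it with a one-line comment such as `// TODO: map the GitHub principal to a local user before issuing a JWT`.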