Merge remote-tracking branch 'origin/security_branch' into security_branch

# Conflicts:
#	src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
Dmitrii Cravcenco
2023-11-20 18:14:33 +02:00
3 changed files with 23 additions and 4 deletions


@@ -84,6 +84,11 @@
<artifactId>spring-security-web</artifactId> <artifactId>spring-security-web</artifactId>
<version>6.1.5</version> <version>6.1.5</version>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
</dependencies> </dependencies>
<build> <build>
<plugins> <plugins>
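Review bot: The added `spring-boot-starter-oauth2-client` has no `<version>`, so it presumably resolves through the Boot parent's dependency management, while `spring-security-web` directly above it stays pinned to `6.1.5`. If the parent (not visible in this hunk) manages a different Spring Security release, the OAuth2 client modules and the web module will end up on different versions, and that mix is not a supported combination. Consider dropping the explicit `<version>6.1.5</version>` so all Spring Security artifacts come from the same managed version, or confirm with `mvn dependency:tree` that they already agree.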


@@ -31,7 +31,8 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
@NonNull HttpServletResponse response, @NonNull HttpServletResponse response,
@NonNull FilterChain filterChain @NonNull FilterChain filterChain
) throws ServletException, IOException { ) throws ServletException, IOException {
if (request.getServletPath().contains("/api/v1/auth")) { if (request.getServletPath().contains("/api/v1/auth") || request.getServletPath().contains("/github")) {
System.out.println("hi");
filterChain.doFilter(request, response); filterChain.doFilter(request, response);
return; return;
} }
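Review bot: The new bypass test `request.getServletPath().contains("/github")` matches the text anywhere in the path, so any route that merely contains `/github` skips JWT processing, whereas the authorization rule in SecurityConfiguration permits only the exact path `/github`. Match the intended routes explicitly, for example `String path = request.getServletPath();` followed by `if (path.startsWith("/api/v1/auth") || path.equals("/github")) {`. If the substring match was meant to cover the OAuth2 login endpoints, list them as prefixes (`/oauth2/`, `/login/oauth2/`) instead. The `System.out.println("hi");` line is leftover debug output on a security path and should be removed or replaced with a debug-level logger call. The enclosing filter method starts and ends outside this hunk, so what happens to requests without a token is not visible here.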


@@ -1,6 +1,5 @@
package com.faf223.expensetrackerfaf.config; package com.faf223.expensetrackerfaf.config;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.AuthenticationProvider;
@@ -10,6 +9,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfiguration;
@@ -20,12 +20,20 @@ import java.util.Arrays;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@RequiredArgsConstructor
@EnableMethodSecurity @EnableMethodSecurity
public class SecurityConfiguration { public class SecurityConfiguration {
private final JwtAuthenticationFilter jwtAuthFilter; private final JwtAuthenticationFilter jwtAuthFilter;
private final AuthenticationProvider authenticationProvider; private final AuthenticationProvider authenticationProvider;
private final ClientRegistrationRepository clientRegistrationRepository;
public SecurityConfiguration(JwtAuthenticationFilter jwtAuthFilter,
AuthenticationProvider authenticationProvider,
ClientRegistrationRepository clientRegistrationRepository) {
this.jwtAuthFilter = jwtAuthFilter;
this.authenticationProvider = authenticationProvider;
this.clientRegistrationRepository = clientRegistrationRepository;
}
@Bean @Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@@ -33,9 +41,10 @@ public class SecurityConfiguration {
.cors(Customizer.withDefaults()) .cors(Customizer.withDefaults())
.csrf(AbstractHttpConfigurer::disable) .csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth .authorizeHttpRequests(auth -> auth
.requestMatchers("/api/v1/auth/**").permitAll() .requestMatchers("/api/v1/auth/**", "/github").permitAll()
.anyRequest().authenticated() .anyRequest().authenticated()
) )
.oauth2Login(Customizer.withDefaults())
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authenticationProvider(authenticationProvider) .authenticationProvider(authenticationProvider)
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class); // will be executed before UsernamePasswordAuthenticationFilter .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class); // will be executed before UsernamePasswordAuthenticationFilter
@@ -54,4 +63,8 @@ public class SecurityConfiguration {
return source; return source;
} }
// @Bean
// public OAuth2UserService oAuth2UserService() {
// return new DefaultOAuth2UserService();
// }
} }
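Review bot: In the `securityFilterChain` hunk, `.oauth2Login(Customizer.withDefaults())` is combined with `SessionCreationPolicy.STATELESS`, so the authentication produced by a successful GitHub login is not persisted between requests. Because the chain still ends in `.anyRequest().authenticated()` behind the JWT filter, the next API call would be rejected unless the login hands back one of the application's own tokens. Nothing visible here does that; one option is `.oauth2Login(o -> o.successHandler(...))` with a handler that issues the JWT, and the default login flow also appears to keep its authorization request (the `state` value) in the HTTP session, which is worth confirming against the stateless policy. The `clientRegistrationRepository` field is injected by the new constructor but not used in any visible line. The commented-out `oAuth2UserService` bean at the end of the class should be either implemented or deleted.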