2023-11-27 06:30:52 +00:00
3 changed files with 22 additions and 15 deletions
--- a/pom.xml
+++ b/pom.xml
@@ -73,6 +73,11 @@
            <artifactId>jakarta.validation-api</artifactId>
            <version>2.0.2</version>
        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-client</artifactId>
+        </dependency>
+
    </dependencies>
    <build>
        <plugins>
--- a/src/main/java/com/faf223/expensetrackerfaf/config/JwtAuthenticationFilter.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/config/JwtAuthenticationFilter.java
@@ -31,7 +31,8 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
            @NonNull HttpServletResponse response,
            @NonNull FilterChain filterChain
    ) throws ServletException, IOException {
-        if (request.getServletPath().contains("/api/v1/auth")) {
+        if (request.getServletPath().contains("/api/v1/auth") || request.getServletPath().contains("/github")) {
+            System.out.println("hi");
            filterChain.doFilter(request, response);
            return;
        }
--- a/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
@@ -1,7 +1,5 @@
 package com.faf223.expensetrackerfaf.config;

-import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -11,15 +9,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
-import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
-import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
-import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
-import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
@@ -28,16 +18,22 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

 import java.util.Arrays;

-import static org.springframework.security.config.Customizer.withDefaults;
-
@Configuration
@EnableWebSecurity
-@RequiredArgsConstructor
@EnableMethodSecurity
 public class SecurityConfiguration {

    private final JwtAuthenticationFilter jwtAuthFilter;
    private final AuthenticationProvider authenticationProvider;
+    private final ClientRegistrationRepository clientRegistrationRepository;
+
+    public SecurityConfiguration(JwtAuthenticationFilter jwtAuthFilter,
+                                 AuthenticationProvider authenticationProvider,
+                                 ClientRegistrationRepository clientRegistrationRepository) {
+        this.jwtAuthFilter = jwtAuthFilter;
+        this.authenticationProvider = authenticationProvider;
+        this.clientRegistrationRepository = clientRegistrationRepository;
+    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@@ -45,9 +41,10 @@ public class SecurityConfiguration {
                .cors(Customizer.withDefaults())
                .csrf(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(auth -> auth
-                        .requestMatchers("/api/v1/auth/**").permitAll()
+                        .requestMatchers("/api/v1/auth/**", "/github").permitAll()
                        .anyRequest().authenticated()
                )
+                .oauth2Login(Customizer.withDefaults())
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authenticationProvider(authenticationProvider)
                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class); // will be executed before UsernamePasswordAuthenticationFilter
@@ -66,4 +63,8 @@ public class SecurityConfiguration {
        return source;
    }

+//    @Bean
+//    public OAuth2UserService oAuth2UserService() {
+//        return new DefaultOAuth2UserService();
+//    }
 }