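package com.faf223.expensetrackerfaf.config;

import com.faf223.expensetrackerfaf.controller.auth.JwtAuthenticationSuccessHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.List;

import static org.springframework.security.config.Customizer.withDefaults;

/**
 * HTTP-layer Spring Security wiring: a single {@link SecurityFilterChain}, the
 * CORS policy it picks up, and a few supporting beans.
 *
 * <p>State of the configuration as it stands:
 * <ul>
 *   <li>Every request must be authenticated; authentication is obtained through
 *       {@code oauth2Login()} with Spring's defaults (login page, client
 *       registrations from {@code ClientRegistrationRepository}).</li>
 *   <li>{@code jwtAuthFilter} and {@code authenticationProvider} are injected but
 *       not registered on the chain, so bearer tokens are not evaluated here. The
 *       intended JWT wiring is kept in the commented block inside
 *       {@link #securityFilterChain(HttpSecurity)} until it is completed.</li>
 *   <li>CSRF protection is disabled. That is the usual choice for a stateless
 *       bearer-token API, but {@code oauth2Login()} creates a cookie-backed
 *       session, and state-changing endpoints reached with that cookie currently
 *       have no CSRF defence. Revisit when the JWT flow replaces the session.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfiguration {

    // Injected for the planned JWT flow; currently unused by securityFilterChain().
    private final JwtAuthenticationFilter jwtAuthFilter;
    // Injected for the planned JWT flow; currently unused by securityFilterChain().
    private final AuthenticationProvider authenticationProvider;
    // Referenced only by the commented-out oauth2Login customisation below.
    private final ClientRegistrationRepository clientRegistrationRepository;

    /**
     * Creates the configuration with its collaborators.
     *
     * @param jwtAuthFilter                filter that validates bearer tokens (not yet
     *                                     registered on the chain)
     * @param authenticationProvider       provider for the JWT-based authentication
     *                                     (not yet registered on the chain)
     * @param clientRegistrationRepository OAuth2 client registrations
     */
    public SecurityConfiguration(JwtAuthenticationFilter jwtAuthFilter,
                                 AuthenticationProvider authenticationProvider,
                                 ClientRegistrationRepository clientRegistrationRepository) {
        this.jwtAuthFilter = jwtAuthFilter;
        this.authenticationProvider = authenticationProvider;
        this.clientRegistrationRepository = clientRegistrationRepository;
    }

    /**
     * Builds the application's only filter chain.
     *
     * <p>{@code cors(withDefaults())} resolves the policy from the bean named
     * {@code corsConfigurationSource} declared below. CSRF is switched off (see
     * the class comment for the caveat). All requests require authentication and
     * unauthenticated requests are handled by the default {@code oauth2Login()}
     * behaviour, i.e. a redirect to the login flow rather than the 401 that
     * {@link #authenticationEntryPoint()} would produce.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured chain
     * @throws Exception propagated from {@link HttpSecurity#build()}
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .cors(withDefaults())
                // NOTE: disabled while the session-based oauth2Login() is in use; see class comment.
                .csrf(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(auth -> auth
                        // .requestMatchers("/api/v1/auth/**").permitAll()
                        .anyRequest().authenticated()
                )
                .oauth2Login(withDefaults());
        // TODO: intended wiring, not yet active. Note that oAuth2UserService() is not
        // defined in this file, so enabling this block as-is will not compile.
        // .exceptionHandling(exceptionHandling ->
        //         exceptionHandling
        //                 .authenticationEntryPoint(authenticationEntryPoint())
        // )
        // .oauth2Login(oauth2Login ->
        //         oauth2Login
        //                 .loginPage("/login")
        //                 .clientRegistrationRepository(clientRegistrationRepository)
        //                 .userInfoEndpoint(userInfoEndpoint ->
        //                         userInfoEndpoint.userService(oAuth2UserService())
        //                 )
        //                 .successHandler(jwtAuthenticationSuccessHandler()));
        return http.build();
    }

    /**
     * Success handler that issues a JWT after a completed OAuth2 login.
     * Declared as a bean but not yet attached to {@code oauth2Login()}.
     *
     * @return a new handler instance
     */
    @Bean
    public JwtAuthenticationSuccessHandler jwtAuthenticationSuccessHandler() {
        return new JwtAuthenticationSuccessHandler();
    }

    /**
     * CORS policy applied to every path.
     *
     * <p>Allowed origin {@code "*"} accepts cross-origin requests from any site.
     * Because {@code allowCredentials} is not set, browsers will not attach the
     * session cookie to such requests, so this alone does not let a third-party
     * page act with a user's session; it does make the API, and the exposed
     * {@code x-auth-token} response header, reachable from scripts on arbitrary
     * origins. Restrict the origin list to the known front-end(s) before
     * deployment.
     *
     * @return the source consumed by {@code http.cors(withDefaults())}
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        // NOTE(security): wildcard origin; tighten to the real front-end origin(s).
        configuration.setAllowedOrigins(List.of("*"));
        configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
        configuration.setAllowedHeaders(List.of("authorization", "content-type", "x-auth-token"));
        configuration.setExposedHeaders(List.of("x-auth-token"));

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

    /**
     * Entry point that answers unauthenticated requests with a plain 401 instead
     * of a login redirect. Declared as a bean but not attached to the chain (the
     * {@code exceptionHandling} block that would use it is commented out), so the
     * default {@code oauth2Login()} redirect applies at present.
     *
     * @return a {@link HttpStatusEntryPoint} returning {@link HttpStatus#UNAUTHORIZED}
     */
    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
    }
}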