StudentLoanManagement
SecurityConfig.java
1package com.student_loan.config;
2
3import java.util.List;
4
5import org.springframework.context.annotation.Bean;
6import org.springframework.context.annotation.Configuration;
7import org.springframework.context.annotation.Profile;
8import org.springframework.security.config.annotation.web.builders.HttpSecurity;
9import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
10import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
11import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
12import org.springframework.security.web.SecurityFilterChain;
13import org.springframework.web.cors.CorsConfiguration;
14import org.springframework.web.cors.CorsConfigurationSource;
15import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
16
17import com.student_loan.security.JwtFilter;
18import com.student_loan.security.JwtUtil;
19
/**
 * Spring Security wiring for the application: the password encoder, the CORS
 * policy and the HTTP filter chain.
 *
 * <p>Active in every profile except {@code test} (see {@code @Profile("!test")}).
 */
@Configuration
@EnableWebSecurity
@Profile("!test")
public class SecurityConfig {

    /** Helper handed to the {@link JwtFilter} installed by {@link #securityFilterChain}. */
    private final JwtUtil jwtUtil;

    /**
     * @param jwtUtil JWT helper passed to the {@link JwtFilter} created for the chain
     */
    public SecurityConfig(JwtUtil jwtUtil) {
        this.jwtUtil = jwtUtil;
    }

    /**
     * Exposes a {@link BCryptPasswordEncoder} built with the no-argument
     * constructor, i.e. with the library's default settings.
     *
     * @return a new BCrypt password encoder
     */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the CORS policy and registers it for every path ({@code "/**"}).
     *
     * <p>The policy allows one origin, five HTTP methods and the
     * {@code Authorization} and {@code Content-Type} request headers, and it
     * allows credentialed requests.
     *
     * @return the CORS configuration source holding that single policy
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration policy = new CorsConfiguration();

        // NOTE(review): the only allowed origin is a hard-coded plain-HTTP
        // localhost address. It looks like a development value; a front end
        // served from any other origin is refused until this is externalised.
        // Because credentials are allowed below, keep this an explicit origin
        // list rather than a wildcard.
        policy.setAllowedOrigins(List.of("http://localhost:3000"));
        policy.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        policy.setAllowedHeaders(List.of("Authorization", "Content-Type"));
        policy.setAllowCredentials(true);

        UrlBasedCorsConfigurationSource registry = new UrlBasedCorsConfigurationSource();
        registry.registerCorsConfiguration("/**", policy);
        return registry;
    }

    /**
     * Assembles the HTTP security filter chain.
     *
     * <p>CORS handling is switched on with default settings, CSRF protection is
     * switched off, a fixed list of paths is open to everyone, every other
     * request must be authenticated, and a {@link JwtFilter} runs ahead of
     * {@link UsernamePasswordAuthenticationFilter}.
     *
     * @param http the builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if the builder fails to configure or build the chain
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // NOTE(review): these matchers carry no HTTP method, so each path is open
        // for every verb. As far as this chain is concerned, unauthenticated
        // PUT/DELETE on "/items/**" and any verb on "/users" are let through.
        // Confirm that is intended, or that the handlers enforce their own checks.
        String[] openPaths = {
            "/users/login",
            "/users/register",
            "/api/ranking",
            "/images/**",
            "/items/**",
            "/users"
        };

        // Created per chain with the injected helper; how it validates tokens is
        // defined in JwtFilter, not here.
        JwtFilter jwtFilter = new JwtFilter(jwtUtil);

        // Default CORS support; presumably resolves the CorsConfigurationSource
        // bean declared in this class -- verify against the Spring Security
        // version in use.
        http.cors(cors -> { });

        // NOTE(review): CSRF protection is off. That is only sound if
        // authentication never rides on a cookie or server session. No session
        // policy is set in this chain, so confirm requests are authenticated
        // solely by the token the JwtFilter reads.
        http.csrf(csrf -> csrf.disable());

        http.authorizeHttpRequests(rules -> rules
            .requestMatchers(openPaths).permitAll()
            .anyRequest().authenticated());

        http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);

        return http.build();
    }
}