rssotto/src/main/kotlin/net/xintanalabs/rssotto/config/SecurityConfiguration.kt
Jose Conde 760589a0ee Update
2025-10-24 16:56:04 +02:00


package net.xintanalabs.rssotto.config
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.authentication.AuthenticationProvider
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.web.DefaultSecurityFilterChain
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
import org.springframework.web.cors.CorsConfiguration
import org.springframework.web.cors.UrlBasedCorsConfigurationSource
import org.springframework.web.filter.CorsFilter
/**
 * Spring Security wiring for the application: a CORS policy bean and the
 * HTTP security filter chain (stateless sessions, JWT filter, per-path
 * authorization rules).
 *
 * @property authenticationProvider provider registered on the filter chain.
 */
@Configuration
@EnableWebSecurity
class SecurityConfiguration(
    private val authenticationProvider: AuthenticationProvider
) {
    /**
     * CORS policy applied to every path (`/**`).
     *
     * Allows credentialed requests from `http://localhost:4200` with the
     * listed HTTP methods and any request header.
     *
     * NOTE(review): the single allowed origin is a hard-coded plain-HTTP
     * localhost URL, which looks like a development front end. For any other
     * deployment the origin list should presumably come from configuration
     * and stay an explicit allow-list, since `allowCredentials` is true.
     */
    @Bean
    fun corsConfigurationSource(): UrlBasedCorsConfigurationSource {
        val policy = CorsConfiguration().apply {
            allowedOrigins = listOf("http://localhost:4200")
            allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "OPTIONS")
            allowedHeaders = listOf("*")
            allowCredentials = true
        }
        return UrlBasedCorsConfigurationSource().also { registry ->
            registry.registerCorsConfiguration("/**", policy)
        }
    }

    /**
     * Builds the security filter chain.
     *
     * Authorization rules, in declaration order:
     *  1. `/api/auth/**` and `/error` are open to everyone.
     *  2. `POST /api/user` is open to everyone.
     *  3. `/api/user**` requires the `ADMIN` role.
     *  4. Every other request requires full authentication.
     *
     * Sessions are stateless, CSRF protection is disabled, and
     * [jwtAuthenticationFilter] runs before
     * [UsernamePasswordAuthenticationFilter].
     *
     * @param http builder supplied by Spring Security.
     * @param jwtAuthenticationFilter filter inserted ahead of the
     *   username/password filter.
     * @return the built filter chain.
     */
    @Bean
    fun securityFilterChain(
        http: HttpSecurity,
        jwtAuthenticationFilter: JwtAuthenticationFilter
    ): DefaultSecurityFilterChain {
        return http
            // Empty customizer: CORS support is switched on with defaults.
            .cors { }
            // NOTE(review): disabling CSRF is the usual choice for a stateless
            // API whose token travels in a request header. The CORS policy in
            // this class allows credentials, so confirm the JWT is never
            // carried in a cookie; if it is, CSRF protection is needed.
            .csrf { csrf -> csrf.disable() }
            .authorizeHttpRequests { rules ->
                rules
                    .requestMatchers("/api/auth/**", "/error")
                    .permitAll()
                    // NOTE(review): unauthenticated user creation. Verify the
                    // handler does not let the caller choose roles/privileges.
                    .requestMatchers(HttpMethod.POST, "/api/user")
                    .permitAll()
                    // NOTE(review): "/api/user**" has no "/" before "**", so it
                    // likely matches only within one path segment
                    // ("/api/user", "/api/users", ...) and not sub-paths such as
                    // "/api/user/<id>". Those would fall through to the
                    // anyRequest() rule and be reachable by any authenticated
                    // user. If admin-only access to sub-paths is intended,
                    // "/api/user/**" is probably what was meant. Confirm
                    // against the controller mappings.
                    .requestMatchers( "/api/user**")
                    .hasRole("ADMIN")
                    .anyRequest()
                    .fullyAuthenticated()
            }
            .sessionManagement { sessions ->
                sessions.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            }
            .authenticationProvider(authenticationProvider)
            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter::class.java)
            .build()
    }
}