Skip to content
Snippets Groups Projects
Select Git revision
  • 8348795aea8e9c6d76dd5d5549f88f77a550bb5c
  • main default
  • group-member-bug
  • test/grouputil-stastisticsutil
  • 256-fix-a-little-bug-creating-a-group
  • bugfix/get-fridge-amount-format
  • bugfix/216-group-shoppinglist-fridge-associations
  • bugfix/223-fix-change-group
  • 221-improve-amount-and-unit-algortihm
  • 220-add-endpoint-to-delete-product-from-fridge-and-saving-waste
  • 217-add-algotihm-to-find-relevant-statistics
  • 201-add-endpoit-to-delete-a-product-from-fridge
  • 181-fridgecontroller-post-product
  • feature/178-add-expirationdate-to-fridge-product
  • 148-endpoint-for-waste-categories
  • 164-create-endpoint-to-change-authority-of-person-in-group
  • feature/addPersonToGroup
  • bugfix/fridge-controller-delete-mapping
  • bug-fixing/changeConnectionUserGroup
19 results

SecurityConfig.java

Blame
    • SecurityConfig.java 1.97 KiB 
    package ntnu.idatt2016.v233.SmartMat.config;

import lombok.AllArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

/**
 * Configs for security and authentication
 * @author Birk
 * @version 1.0
 * @since 04.04.2023
 */
@Configuration
@AllArgsConstructor
public class SecurityConfig {

    /**
     * Configures the HttpSecurity for the application.
     * Dose not need ot have csrf enabled, because we are using jwt
     * and the application is stateless
     * @param http HttpSecurity to configure
     * @return SecurityFilterChain with configured HttpSecurity
     * @throws Exception if an error occurs
     */
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
                .cors().and()
                .csrf().disable()
                .authorizeHttpRequests(auth-> auth
                        .requestMatchers(HttpMethod.POST, "api/auth/**").permitAll()
                        .requestMatchers(HttpMethod.POST, "api/user/**").permitAll()
                        .requestMatchers(HttpMethod.GET, "api/groups/**").permitAll()
                        .requestMatchers(HttpMethod.GET, "swagger-ui/**").permitAll()
                        .requestMatchers(HttpMethod.GET, "/v3/api-docs/**").permitAll()
                        .anyRequest().authenticated()
                )
                .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
                .sessionManagement(session->session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .build();
    }

}