38 lines
1.6 KiB
Java
38 lines
1.6 KiB
Java
package _11.asktpk.artisanconnectbackend.config;
|
|
|
|
import _11.asktpk.artisanconnectbackend.security.JwtRequestFilter;
|
|
import org.springframework.context.annotation.Bean;
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
import org.springframework.security.web.SecurityFilterChain;
|
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
|
|
|
@Configuration
|
|
@EnableWebSecurity
|
|
public class SecurityConfig {
|
|
|
|
private final JwtRequestFilter jwtRequestFilter;
|
|
|
|
public SecurityConfig(JwtRequestFilter jwtRequestFilter) {
|
|
this.jwtRequestFilter = jwtRequestFilter;
|
|
}
|
|
|
|
@Bean
|
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|
http
|
|
.cors(cors -> cors.configure(http))
|
|
.csrf(AbstractHttpConfigurer::disable)
|
|
.authorizeHttpRequests(auth -> auth
|
|
.requestMatchers("/api/v1/auth/**", "/api/v1/payments/notification").permitAll()
|
|
.anyRequest().authenticated())
|
|
.sessionManagement(session -> session
|
|
.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
|
|
|
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
|
|
|
|
return http.build();
|
|
}
|
|
} |