my Security Config Class выглядит как: p> p> p> p>
my Security Config Class.
Код: Выделить всё
package com.gtt.cv.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;
import org.springframework.web.filter.CorsFilter;
import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;
import com.gtt.cv.security.AuthoritiesConstants;
import com.gtt.cv.security.jwt.JWTConfigurer;
import com.gtt.cv.security.jwt.TokenProvider;
import tech.jhipster.config.JHipsterProperties;
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
@Configuration
@Import(SecurityProblemSupport.class)
public class SecurityConfiguration {
private final JHipsterProperties jHipsterProperties;
private final TokenProvider tokenProvider;
private final CorsFilter corsFilter;
private final SecurityProblemSupport problemSupport;
public SecurityConfiguration(TokenProvider tokenProvider, CorsFilter corsFilter, JHipsterProperties jHipsterProperties, SecurityProblemSupport problemSupport) {
this.tokenProvider = tokenProvider;
this.corsFilter = corsFilter;
this.problemSupport = problemSupport;
this.jHipsterProperties = jHipsterProperties;
}
@Bean
public Argon2PasswordEncoder passwordEncoder() {
return new Argon2PasswordEncoder(64, 512, 2, 1024, 4);
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity httpsSecurity) throws Exception {
httpsSecurity.csrf(csrf -> csrf.disable())
.addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
.exceptionHandling((exception) -> exception.authenticationEntryPoint(problemSupport).accessDeniedHandler(problemSupport))
.headers(headers -> headers.frameOptions(frameOptionsConfig -> frameOptionsConfig.sameOrigin())
.contentSecurityPolicy(contentSecurityPolicyConfig -> contentSecurityPolicyConfig.policyDirectives(jHipsterProperties.getSecurity().getContentSecurityPolicy()).reportOnly())
.referrerPolicy(referralPolicyConfig -> referralPolicyConfig.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN))
.permissionsPolicy(permissionsPolicyConfig -> permissionsPolicyConfig.policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()")))
.sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> auth.requestMatchers("/").permitAll()
.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.requestMatchers("/app/**/*.{js,html}").permitAll()
.requestMatchers("/i18n/**").permitAll()
.requestMatchers("/content/**").permitAll()
.requestMatchers("/swagger-ui/**").permitAll()
.requestMatchers("/test/**").permitAll()
.requestMatchers("/api/authenticate").permitAll()
.requestMatchers("/api/register").permitAll()
.requestMatchers("/api/activate").permitAll()
.requestMatchers("/api/account/reset-password/init").permitAll()
.requestMatchers("/api/account/reset-password/finish").permitAll()
.requestMatchers("/api/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
.requestMatchers("/api/**").authenticated()
.requestMatchers("/management/health").permitAll()
.requestMatchers("/management/health/**").permitAll()
.requestMatchers("/management/info").permitAll()
.requestMatchers("/management/prometheus").permitAll()
.requestMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN))
.httpBasic(basic -> basic.authenticationEntryPoint(problemSupport))
.with(securityConfigurerAdapter(), customizer -> customizer.withDefaults());
return httpsSecurity.build();
}
private JWTConfigurer securityConfigurerAdapter() {
return new JWTConfigurer(tokenProvider);
}
}
< /code>
jwtconfigurer class: < /p>
package com.gtt.cv.security.jwt;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
public class JWTConfigurer extends SecurityConfigurerAdapter {
private final TokenProvider tokenProvider;
public JWTConfigurer(TokenProvider tokenProvider) {
this.tokenProvider = tokenProvider;
}
@Override
public void configure(HttpSecurity httpSecurity) {
JWTFilter customFilter = new JWTFilter(tokenProvider);
httpSecurity.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
}
public void withDefaults() {
}
}
Подробнее здесь: https://stackoverflow.com/questions/796 ... figuration