это мой код:
Код: Выделить всё
package com.capolavoroprova.capolavoro.FirebaseInitializor;
import org.apache.catalina.filters.CorsFilter;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.CorsConfigurer;
import org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtBearerTokenAuthenticationConverter;
import java.util.Collection;
import java.util.Optional;
import java.util.stream.Collectors;
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@EnableWebSecurity
@CrossOrigin(origins = "*")
public class FirebaseSecurityFilterConfig {
@Bean
public RoleHierarchy gerarchiaRuoli(){
RoleHierarchyImpl gerarchia = new RoleHierarchyImpl();
System.out.println("\n\n\nSono dentro il RoleHieracy generator.\n\n\n ");
String listaGerarchia = "ADMIN > SELLER \n SELLER > USER \n USER > ANONYMOUS";
gerarchia.setHierarchy(listaGerarchia);
return gerarchia;
}
@Bean
public DefaultWebSecurityExpressionHandler costumWebSecurityHandler(){
System.out.println("\n\n\nSono dentro il DefaultWebSecurityExpressionHandler.\n\n\n ");
DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
handler.setRoleHierarchy(this.gerarchiaRuoli());
return handler;
}
@Bean
@CrossOrigin(origins = "*")
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
/*3° letto*/
System.out.println("\n\n\n\nEntro dentro al filtro di sicurezza\n\n\n\n");
http
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(
authorize -> authorize
//.requestMatchers("/api/v1/caseList/*").hasRole("USER")
.requestMatchers("/api/v1/caseList/**").permitAll()
.requestMatchers("/api/v1/caseList").permitAll()
.requestMatchers("/api/v1/Venditore/*", "/error").permitAll()
.requestMatchers("/api/v1/Venditore", "/error").permitAll()
.anyRequest().authenticated()
); //I will disable this probably
http.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(this.jwtAuthenticationConverter());
return http.build();
}
@Bean
public CorsConfigurationSource corsFilter(){
System.out.println("\n\n\nSono dentro il cors configurer.\n\n\n ");
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("*");
config.addAllowedMethod("*");
config.addAllowedHeader("*");
UrlBasedCorsConfigurationSource origine = new UrlBasedCorsConfigurationSource();
origine.registerCorsConfiguration("/**", config);
return origine;
}
/*@Bean
public UserDetailsService userDetailsService(){
System.out.println("\n\n\nSono dentro il userDetailsService.\n\n\n ");
UserDetails user = User.withDefaultPasswordEncoder().username("username").password("username").roles("USER").build();
return new InMemoryUserDetailsManager(user);
}*/
public JwtAuthenticationConverter jwtAuthenticationConverter(){
JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
converter.setJwtGrantedAuthoritiesConverter(jwt->
Optional.ofNullable(jwt.getClaimAsStringList("Role"))
.stream()
.flatMap(Collection::stream)
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList())
);
return converter;
}
}
Код: Выделить всё
org.springframework.boot
spring-boot-starter-data-mongodb
org.springframework.boot
spring-boot-starter-web
org.springframework.boot
spring-boot-starter-webflux
org.springframework.boot
spring-boot-devtools
runtime
true
org.projectlombok
lombok
true
org.springframework.boot
spring-boot-starter-test
test
me.paulschwarz
spring-dotenv
2.3.0
com.google.firebase
firebase-admin
8.2.0
com.google.firebase
firebase-auth
22.3.1
import
com.google.auth
google-auth-library-oauth2-http
1.23.0
org.springframework.security
spring-security-web
org.springframework.boot
spring-boot-starter-security
org.springframework.security
spring-security-oauth2-resource-server
6.2.4
org.springframework.security
spring-security-jwt
org.springframework.boot
spring-boot-autoconfigure
3.2.3
org.springframework.security
spring-security-config
6.2.3
Подробнее здесь: https://stackoverflow.com/questions/783 ... ter-and-de