package org.egl_cepgl.pm.config;

import lombok.RequiredArgsConstructor;
import org.egl_cepgl.pm.jwt.CustomJwt;
import org.egl_cepgl.pm.jwt.JwtConverter;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

//@Configuration
//@EnableWebSecurity
//@EnableMethodSecurity
//public class SecurityConfig
//{
//    @Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}")
//    String issuerUri;

//    @Bean
//    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception
//    {
//        return  http.csrf().disable().cors().disable().authorizeHttpRequests(auth -> auth
//                        .requestMatchers(
//                                "/grahql/**",
//                                "/grahiql/**",
//                                "/user-service/api/users/add"
//                                //"/user-service/api/users/all"
//                        ).permitAll()
//                        .anyRequest().authenticated())
//                .oauth2ResourceServer(oauth2ResourceServer ->
//                        oauth2ResourceServer.jwt(jwt ->
//                                //jwt.decoder(JwtDecoders.fromIssuerLocation(issuerUri))
//                                jwt.jwtAuthenticationConverter(customJwtConverter())
//                        )
//                )
//                .build();
//    }

//    @Bean
//    public Converter<Jwt, ? extends AbstractAuthenticationToken> customJwtConverter() {
//        return new CustomJwtConverter();
//    }
//
//    @Bean
//    public JwtDecoder jwtDecoder(OAuth2ResourceServerProperties properties) {
//        return JwtDecoders.fromIssuerLocation(properties.getJwt().getIssuerUri());
//    }

//}

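/**
 * Spring Security configuration for this service: a stateless OAuth2 resource server that
 * authenticates requests from JWT bearer tokens.
 *
 * <p>The URL rules in {@link #configure(HttpSecurity)} are evaluated in declaration order and
 * the first matching rule wins, so a specific path must be declared before any wildcard that
 * also covers it.
 */
@RequiredArgsConstructor
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {

    public static final String SUPER_ADMIN = "SUPER_ADMIN";
    public static final String USER = "user";

    // Injected through the Lombok-generated constructor.
    // NOTE(review): customJwtConverter() builds its own JwtConverter instead of returning this
    // instance, so this field is currently unused — confirm which of the two is intended.
    private final JwtConverter jwtConverter;

    /**
     * Builds the HTTP security filter chain.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain configure(HttpSecurity http) throws Exception
    {
        // CSRF protection is off: no HTTP session is created (STATELESS below) and credentials
        // arrive as JWT bearer tokens. Revisit this if cookie-based authentication is ever added.
        http.csrf(csrf -> csrf.disable());

        // This switches off Spring Security's CORS integration; it does not allow any origin.
        // NOTE(review): browser clients on another origin then depend on CORS being handled
        // elsewhere (for example at a gateway) — confirm.
        http.cors(cors -> cors.disable());

        http.authorizeHttpRequests(requests -> requests
                // Declared before the /api/users/** and /api/** wildcards: placed after them this
                // rule was never reached and the endpoint was open to anonymous callers.
                // hasAnyRole() looks for authorities with the default "ROLE_" prefix.
                // NOTE(review): confirm JwtConverter emits authorities in that form.
                .requestMatchers(new AntPathRequestMatcher("/api/users/addIfNotExists"))
                    .hasAnyRole("default-roles-egl_pm", "USER")
                // NOTE(review): these two wildcards leave every other /api path open at the URL
                // layer, so access control there rests entirely on method-level annotations
                // (@EnableMethodSecurity). Confirm each handler is annotated, or narrow the rules.
                .requestMatchers(new AntPathRequestMatcher("/api/users/**")).permitAll()
                .requestMatchers(new AntPathRequestMatcher("/api/**")).permitAll()
                // OpenAPI / Swagger UI is reachable without authentication.
                // NOTE(review): consider restricting it outside development environments.
                // "/swagger-ui.html" is matched without a trailing '#': the fragment part of a
                // URL is never sent to the server, so a pattern containing it cannot match.
                .requestMatchers(new AntPathRequestMatcher("/v3/api-docs/**")).permitAll()
                .requestMatchers(new AntPathRequestMatcher("/swagger-ui/**")).permitAll()
                .requestMatchers(new AntPathRequestMatcher("/swagger-ui.html")).permitAll()
                // Everything else requires an authenticated caller.
                .anyRequest().authenticated());

        // Never create or use an HTTP session; each request must carry its own token.
        http.sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        // Validate bearer tokens as JWTs and map them to the application's CustomJwt principal.
        http.oauth2ResourceServer(oauth2 ->
                oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(customJwtConverter())));

        return http.build();
    }

    /**
     * Exposes the converter that turns a validated {@link Jwt} into a {@link CustomJwt}.
     *
     * @return a new {@link JwtConverter}
     */
    @Bean
    public Converter<Jwt, CustomJwt> customJwtConverter() {
        return new JwtConverter();
    }

    /**
     * Creates the JWT decoder from the issuer URI configured for the resource server.
     *
     * <p>NOTE(review): a decoder built from the issuer location checks signature, expiry and
     * issuer by default but not the {@code aud} claim; add an audience validator if this issuer
     * also mints tokens for other clients.
     *
     * @param properties the resource-server properties bound from configuration
     * @return a decoder bound to the configured issuer
     */
    @Bean
    public JwtDecoder jwtDecoder(OAuth2ResourceServerProperties properties) {
        return JwtDecoders.fromIssuerLocation(properties.getJwt().getIssuerUri());
    }
}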