johanleroy/ENI-Ludotheque
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

permission login

Browse Source
This commit is contained in:
jleroy2023
2025-07-16 11:50:32 +02:00
parent 1cdc2c140e
commit 8be2d2f016
1 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/main/java/fr/eni/demo/security/SecurityConfig.java
View File

@@ -4,10 +4,10 @@ import fr.eni.demo.bll.JwtService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
@@ -15,6 +15,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@EnableWebSecurity
@@ -27,14 +28,17 @@ public class SecurityConfig {
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
public SecurityFilterChain filterChain(HttpSecurity http, UserDetailsService userDetailsService) throws Exception {
JwtAuthFilter jwtFilter = new JwtAuthFilter(jwtService, userDetailsService);
http
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/auth").permitAll()
.requestMatchers("/api/**").hasAnyRole("USER")
.anyRequest().denyAll()
.requestMatchers("/auth/**").permitAll()
.anyRequest().authenticated()
)
.formLogin(Customizer.withDefaults());
.sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}