74 lines
2.6 KiB
Java
74 lines
2.6 KiB
Java
package com.mattrixwv.raidbuilder.config;
|
|
|
|
|
|
import org.springframework.context.annotation.Bean;
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.http.HttpMethod;
|
|
import org.springframework.security.config.Customizer;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
|
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
|
import org.springframework.security.oauth2.jwt.JwtEncoder;
|
|
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
|
|
import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
|
|
import org.springframework.security.web.SecurityFilterChain;
|
|
|
|
import com.nimbusds.jose.jwk.JWK;
|
|
import com.nimbusds.jose.jwk.JWKSet;
|
|
import com.nimbusds.jose.jwk.RSAKey;
|
|
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
|
|
import com.nimbusds.jose.jwk.source.JWKSource;
|
|
import com.nimbusds.jose.proc.SecurityContext;
|
|
|
|
import lombok.RequiredArgsConstructor;
|
|
|
|
|
|
@Configuration
|
|
@EnableWebSecurity
|
|
@RequiredArgsConstructor
|
|
public class SecurityConfig{
|
|
private final RsaKeyProperties rsaKeys;
|
|
|
|
|
|
@Bean
|
|
public PasswordEncoder passwordEncoder(){
|
|
return new BCryptPasswordEncoder();
|
|
}
|
|
|
|
@Bean
|
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{
|
|
http
|
|
.csrf(csrf -> csrf.disable())
|
|
.authorizeHttpRequests(auth -> {
|
|
auth.requestMatchers(HttpMethod.OPTIONS).permitAll()
|
|
.requestMatchers("/auth/refresh", "/auth/test").permitAll() //Permit refresh tokens
|
|
.requestMatchers(HttpMethod.POST, "/auth/signup", "/auth/confirm").permitAll() //Permit signup operations
|
|
.requestMatchers("/auth/forgot", "/auth/forgot/*").permitAll() //Permit forgot password operations
|
|
.anyRequest().authenticated();
|
|
})
|
|
.oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))
|
|
.httpBasic(Customizer.withDefaults())
|
|
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
|
|
|
return http.build();
|
|
}
|
|
|
|
|
|
@Bean
|
|
public JwtEncoder jwtEncoder(){
|
|
JWK jwk = new RSAKey.Builder(rsaKeys.publicKey()).privateKey(rsaKeys.privateKey()).build();
|
|
|
|
JWKSource<SecurityContext> jwks = new ImmutableJWKSet<>(new JWKSet(jwk));
|
|
|
|
return new NimbusJwtEncoder(jwks);
|
|
}
|
|
|
|
@Bean
|
|
public JwtDecoder jwtDecoder(){
|
|
return NimbusJwtDecoder.withPublicKey(rsaKeys.publicKey()).build();
|
|
}
|
|
}
|