SecurityConfig.java (1853B)
1 package fr.kevincorvisier.mtg.letstrade; 2 3 import org.springframework.context.annotation.Bean; 4 import org.springframework.context.annotation.Configuration; 5 import org.springframework.security.authentication.AuthenticationManager; 6 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; 7 import org.springframework.security.config.annotation.web.builders.HttpSecurity; 8 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 9 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer; 10 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 11 import org.springframework.security.crypto.password.PasswordEncoder; 12 import org.springframework.security.web.SecurityFilterChain; 13 import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler; 14 15 import lombok.extern.slf4j.Slf4j; 16 17 @Slf4j 18 @Configuration 19 @EnableWebSecurity 20 public class SecurityConfig 21 { 22 @Bean 23 public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception 24 { 25 return http // 26 .csrf(CsrfConfigurer::disable) // 27 .logout(logout -> logout // 28 .logoutUrl("/api/authentication/logout") // 29 .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()) // 30 ) // 31 .authorizeHttpRequests(authorize -> authorize // 32 .requestMatchers("/api/authentication/**").permitAll() // 33 .requestMatchers("/api/**").authenticated() // 34 .anyRequest().permitAll() // 35 ) // 36 .build(); 37 } 38 39 @Bean 40 public static PasswordEncoder passwordEncoder() 41 { 42 return new BCryptPasswordEncoder(); 43 } 44 45 @Bean 46 public AuthenticationManager authenticationManager(final AuthenticationConfiguration configuration) throws Exception 47 { 48 return configuration.getAuthenticationManager(); 49 } 50 }