Simplyfy auth.

This commit is contained in:
Paulo Gustavo Veiga 2024-01-15 16:36:29 -08:00
parent b7591ab995
commit a4c0c4deb7
2 changed files with 41 additions and 54 deletions

View File

@ -18,14 +18,13 @@ public class MvcSecurityConfig {
@Bean @Bean
@Order(1) @Order(1)
public SecurityFilterChain embeddedDisabledXOrigin(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { public SecurityFilterChain embeddedDisabledXOrigin(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector);
http http
.securityMatchers((matchers) -> .securityMatchers((matchers) ->
matchers.requestMatchers(matcher.pattern("c/maps/*/embed"))) matchers.requestMatchers(mvc.pattern("/c/maps/*/embed")))
.authorizeHttpRequests( .authorizeHttpRequests(
(auth) -> auth.requestMatchers(matcher.pattern(("c/maps/*/embed"))).permitAll()) (auth) -> auth.requestMatchers(mvc.pattern(("/c/maps/*/embed"))).permitAll())
.headers((header -> header.frameOptions() .headers((header -> header.frameOptions()
.disable() .disable()
)) ))
@ -34,27 +33,31 @@ public class MvcSecurityConfig {
return http.build(); return http.build();
} }
@Bean
MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
return new MvcRequestMatcher.Builder(introspector);
}
@Bean @Bean
@Order(2) @Order(2)
public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector);
http http
.securityMatchers((matchers) -> .securityMatchers((matchers) ->
matchers.requestMatchers(matcher.pattern("/c/**"))) matchers.requestMatchers(mvc.pattern("/c/**")))
.authorizeHttpRequests( .authorizeHttpRequests(
(auth) -> (auth) ->
auth auth
.requestMatchers(matcher.pattern("/c/login")).permitAll() .requestMatchers(mvc.pattern("/c/login")).permitAll()
.requestMatchers(matcher.pattern("/c/logout")).permitAll() .requestMatchers(mvc.pattern("/c/logout")).permitAll()
.requestMatchers(matcher.pattern("/c/registration")).permitAll() .requestMatchers(mvc.pattern("/c/registration")).permitAll()
.requestMatchers(matcher.pattern("/c/registration-success")).permitAll() .requestMatchers(mvc.pattern("/c/registration-success")).permitAll()
.requestMatchers(matcher.pattern("/c/registration-google")).permitAll() .requestMatchers(mvc.pattern("/c/registration-google")).permitAll()
.requestMatchers(matcher.pattern("/c/forgot-password")).permitAll() .requestMatchers(mvc.pattern("/c/forgot-password")).permitAll()
.requestMatchers(matcher.pattern("/c/forgot-password-success")).permitAll() .requestMatchers(mvc.pattern("/c/forgot-password-success")).permitAll()
.requestMatchers(matcher.pattern("/c/maps/*/try")).permitAll() .requestMatchers(mvc.pattern("/c/maps/*/try")).permitAll()
.requestMatchers(matcher.pattern("/c/maps/*/public")).permitAll() .requestMatchers(mvc.pattern("/c/maps/*/public")).permitAll()
.requestMatchers(matcher.pattern("/c/**")).hasAnyRole("USER", "ADMIN") .requestMatchers(mvc.pattern("/c/**")).hasAnyRole("USER", "ADMIN")
.anyRequest().authenticated()) .anyRequest().authenticated())
.formLogin((loginForm) -> .formLogin((loginForm) ->
loginForm.loginPage("/c/login") loginForm.loginPage("/c/login")
@ -77,7 +80,7 @@ public class MvcSecurityConfig {
.disable() .disable()
)) ))
.csrf((csrf) -> .csrf((csrf) ->
csrf.ignoringRequestMatchers(matcher.pattern("/c/logout"))); csrf.ignoringRequestMatchers(mvc.pattern("/c/logout")));
return http.build(); return http.build();
} }

View File

@ -4,10 +4,6 @@ import org.jetbrains.annotations.NotNull;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.ImportResource;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@ -21,39 +17,27 @@ import static org.springframework.security.config.Customizer.withDefaults;
@SpringBootApplication @SpringBootApplication
@EnableWebSecurity @EnableWebSecurity
//@ImportResource(value = {"classpath:spring/wisemapping-rest.xml"})
@ComponentScan({"com.wisemapping.rest"}) @ComponentScan({"com.wisemapping.rest"})
public class RestAppConfig { public class RestAppConfig {
@Bean @Bean
@Order(2) MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { return new MvcRequestMatcher.Builder(introspector);
// final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector).servletPath("**"); }
// return http @Bean
// .securityMatchers((matchers) -> SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
// matchers.requestMatchers(matcher.pattern(("/**")))) return http
// .authorizeHttpRequests(auth -> auth .authorizeHttpRequests(auth -> auth
// .requestMatchers(matcher.pattern("api/restfull/users/")).permitAll() .requestMatchers(mvc.pattern("/api/restfull/users/")).permitAll()
// .requestMatchers(matcher.pattern("api/restfull/users/resetPassword")).permitAll() .requestMatchers(mvc.pattern("/api/restfull/users/resetPassword")).permitAll()
// .requestMatchers(matcher.pattern("api/restfull/oauth2/googlecallback")).permitAll() .requestMatchers(mvc.pattern("/api/restfull/oauth2/googlecallback")).permitAll()
// .requestMatchers(matcher.pattern("api/restfull/oauth2/confirmaccountsync")).permitAll() .requestMatchers(mvc.pattern("/api/restfull/oauth2/confirmaccountsync")).permitAll()
// .requestMatchers(matcher.pattern("api/restfull/admin/**")).hasAnyRole("ADMIN") .requestMatchers(mvc.pattern("/api/restfull/admin/**")).hasAnyRole("ADMIN")
// .requestMatchers(matcher.pattern("/**")) .requestMatchers(mvc.pattern("/**")).hasAnyRole("USER", "ADMIN")
// .authenticated() .anyRequest().authenticated()
//// .hasAnyRole("USER", "ADMIN") )
// ) .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
// .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .httpBasic(withDefaults())
// .httpBasic(withDefaults()) .csrf(AbstractHttpConfigurer::disable)
// .csrf(AbstractHttpConfigurer::disable) .build();
// .build();
http.csrf().disable()
.authorizeHttpRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic(withDefaults());
return http.build();
} }
} }