Created
December 13, 2022 08:34
-
-
Save mustafatoker/7d88775029d02ab5c1f23791681700dc to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.security.test.config; | |
| import lombok.RequiredArgsConstructor; | |
| import org.springframework.context.annotation.Bean; | |
| import org.springframework.context.annotation.Configuration; | |
| import org.springframework.security.config.Customizer; | |
| import org.springframework.security.config.annotation.web.builders.HttpSecurity; | |
| import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; | |
| import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; | |
| import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; | |
| import org.springframework.security.config.http.SessionCreationPolicy; | |
| import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; | |
| import org.springframework.security.crypto.password.PasswordEncoder; | |
| import org.springframework.security.web.SecurityFilterChain; | |
| import org.springframework.security.core.userdetails.User; | |
| import org.springframework.security.core.userdetails.UserDetailsService; | |
| import org.springframework.security.provisioning.InMemoryUserDetailsManager; | |
| @Configuration | |
| @EnableWebSecurity | |
| @RequiredArgsConstructor | |
| public class SecurityConfig { | |
| @Bean | |
| public UserDetailsService userDetailsService() { | |
| var user = User.withUsername("user") | |
| .password(passwordEncoder().encode("password")) | |
| .roles("USER") | |
| .build(); | |
| return new InMemoryUserDetailsManager(user); | |
| } | |
| @Bean | |
| public WebSecurityCustomizer webSecurityCustomizer() { | |
| return (web) -> web.ignoring().requestMatchers("/h2-console/**"); | |
| } | |
| @Bean | |
| public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception { | |
| httpSecurity | |
| .csrf(AbstractHttpConfigurer::disable) | |
| .cors(AbstractHttpConfigurer::disable) | |
| .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) | |
| .authorizeHttpRequests() | |
| .requestMatchers("/user/**").permitAll() | |
| .anyRequest().authenticated() | |
| .and() | |
| .httpBasic(Customizer.withDefaults()); | |
| return httpSecurity.build(); | |
| } | |
| @Bean | |
| public PasswordEncoder passwordEncoder() { | |
| return new BCryptPasswordEncoder(); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment