config
Creamos el paquete config. En este paquete vamos a crear las clases de configuración de Spring Boot. Creamos la clase ApplicationConfig y escribimos el siguiente código.
package com.tutosoftware.aloja.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import com.tutosoftware.aloja.repository.AdministradorRepository;
import lombok.RequiredArgsConstructor;
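/**
 * Declares the authentication beans used by the application: the
 * {@link AuthenticationManager}, a DAO-backed {@link AuthenticationProvider},
 * the {@link PasswordEncoder} and the {@link UserDetailsService} that loads
 * administrators by e-mail.
 */
@Configuration
@RequiredArgsConstructor
public class ApplicationConfig {

    /** Repository queried by e-mail ({@code correo}) to resolve the account that is logging in. */
    private final AdministradorRepository adminRepository;

    /**
     * Exposes the {@link AuthenticationManager} built by Spring Security.
     *
     * @param config the authentication configuration supplied by the framework
     * @return the manager obtained from {@code config}
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration config)
            throws Exception {
        return config.getAuthenticationManager();
    }

    /**
     * Builds the provider that checks a submitted password against the stored
     * hash of the account returned by {@link #userDetailService()}.
     *
     * @return a {@link DaoAuthenticationProvider} wired with this class's
     *         user-details service and password encoder
     */
    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        authenticationProvider.setUserDetailsService(userDetailService());
        authenticationProvider.setPasswordEncoder(passwordEncoder());
        return authenticationProvider;
    }

    /**
     * Password hashing used both when storing and when verifying credentials.
     *
     * @return a BCrypt encoder with the library's default strength
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Resolves the login name (an e-mail address) to the stored administrator.
     *
     * @return a service that throws {@link UsernameNotFoundException} when no
     *         administrator has the given e-mail
     */
    @Bean
    public UserDetailsService userDetailService() {
        // The message was misspelled ("fournd"). It should stay generic: a login
        // response that distinguishes "unknown user" from "wrong password" lets a
        // client enumerate accounts, so any custom error handler should not echo it.
        return username -> adminRepository.findByCorreo(username)
                .orElseThrow(() -> new UsernameNotFoundException("User not found"));
    }
}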
Creamos la clase SecurityConfig
package com.tutosoftware.aloja.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import com.tutosoftware.aloja.jwt.JwtAuthenticationFilter;
import lombok.RequiredArgsConstructor;
/**
 * Web security configuration: a stateless filter chain in which the project's
 * {@link JwtAuthenticationFilter} runs before
 * {@link UsernamePasswordAuthenticationFilter}.
 */
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {

    /** Project filter registered ahead of the username/password filter. */
    private final JwtAuthenticationFilter jwtAuthenticationFilter;

    /** Provider that validates credentials for this chain. */
    private final AuthenticationProvider authProvider;

    /**
     * Builds the application's {@link SecurityFilterChain}.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // CSRF protection is off. That is only sound while no cookie carries the
        // credential; presumably the JWT travels in a request header - confirm
        // in JwtAuthenticationFilter.
        http.csrf(csrfConfigurer -> csrfConfigurer.disable());

        // Matchers are evaluated in declaration order; the first match decides.
        // NOTE(review): the GET, POST, PUT and DELETE rules below open the whole
        // administrator API to unauthenticated callers, so anyone who can reach
        // the service can list, create, modify and delete administrator accounts
        // without a token. Only "/auth/**" (and OPTIONS, presumably for CORS
        // preflight) needs to be public for a login flow; removing the
        // "/api/v1/admin" permitAll rules would let those requests fall through
        // to anyRequest().authenticated(). Confirm whether the tutorial relies on
        // them before tightening.
        http.authorizeHttpRequests(rules -> rules
                .requestMatchers(HttpMethod.GET, "/api/v1/admin/{email}", "/api/v1/admin").permitAll()
                .requestMatchers(HttpMethod.OPTIONS).permitAll()
                .requestMatchers(HttpMethod.POST, "/api/v1/admin").permitAll()
                .requestMatchers(HttpMethod.PUT, "/api/v1/admin/{id}").permitAll()
                .requestMatchers(HttpMethod.DELETE, "/api/v1/admin/{id}").permitAll()
                .requestMatchers("/auth/**").permitAll()
                .anyRequest().authenticated());

        // No HTTP session is created or used, so every request has to carry its
        // own credentials.
        http.sessionManagement(sessions ->
                sessions.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        http.authenticationProvider(authProvider);
        http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}