Cleanup Security config

author: Vitaly Takmazov 2022-12-15 17:27:13 +0300
committer: Vitaly Takmazov 2022-12-15 17:27:13 +0300
commit: 5933eac025502978a4c0e3546ed9504408e6969c (patch)
tree: 8503f89b95e261e09b7349459c2cfa4e3e4cb37b /src/main/java/com/juick/config
parent: e13c2e7e970fdfb30186edbb58d2982551f1607f (diff)
1 files changed, 18 insertions, 3 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index b531e62f..dce44b5e 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -26,10 +26,10 @@ import com.juick.service.security.entities.JuickUser;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.AuthenticationEntryPoint;
@@ -67,7 +67,7 @@ public class SecurityConfig {
     }
 
     @Bean
-    static CorsConfigurationSource corsConfigurationSource() {
+    CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
 
         configuration.setAllowedOrigins(Collections.singletonList("*"));
@@ -120,7 +120,6 @@ public class SecurityConfig {
     }
 
     @Bean
-    @Order(1)
     SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
         http.securityMatcher("/api/**")
                 .addFilterBefore(apiAuthenticationFilter(), BasicAuthenticationFilter.class)
@@ -162,6 +161,22 @@ public class SecurityConfig {
     }
 
     @Bean
+    SecurityFilterChain h2ConsoFilterChain(HttpSecurity http) throws Exception {
+        http.securityMatcher("/h2-console/**")
+                .authorizeHttpRequests(auth -> auth
+                        .anyRequest().permitAll())
+                .anonymous(anonymous -> anonymous.principal(JuickUser.ANONYMOUS_USER)
+                        .authorities(JuickUser.ANONYMOUS_AUTHORITY))
+                .csrf().disable()
+                .sessionManagement(sessionManagement -> sessionManagement
+                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .exceptionHandling(exceptionHandling -> exceptionHandling
+                        .authenticationEntryPoint(juickAuthenticationEntryPoint()))
+                .headers().defaultsDisabled().cacheControl();
+        return http.build();
+    }
+
+    @Bean
     SecurityFilterChain wwwChain(HttpSecurity http) throws Exception {
         http.addFilterBefore(wwwAuthenticationFilter(), BasicAuthenticationFilter.class)
                 .authorizeHttpRequests(authorize -> authorize
author	Vitaly Takmazov	2022-12-15 17:27:13 +0300
committer	Vitaly Takmazov	2022-12-15 17:27:13 +0300
commit	5933eac025502978a4c0e3546ed9504408e6969c (patch)
tree	8503f89b95e261e09b7349459c2cfa4e3e4cb37b /src/main/java/com/juick/config
parent	e13c2e7e970fdfb30186edbb58d2982551f1607f (diff)