From 5933eac025502978a4c0e3546ed9504408e6969c Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Thu, 15 Dec 2022 17:27:13 +0300
Subject: Cleanup Security config

---
 src/main/java/com/juick/config/SecurityConfig.java | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

(limited to 'src/main/java/com/juick/config/SecurityConfig.java')

diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index b531e62f..dce44b5e 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -26,10 +26,10 @@ import com.juick.service.security.entities.JuickUser;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.AuthenticationEntryPoint;
@@ -67,7 +67,7 @@ public class SecurityConfig {
     }
 
     @Bean
-    static CorsConfigurationSource corsConfigurationSource() {
+    CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
 
         configuration.setAllowedOrigins(Collections.singletonList("*"));
@@ -120,7 +120,6 @@ public class SecurityConfig {
     }
 
     @Bean
-    @Order(1)
     SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
         http.securityMatcher("/api/**")
                 .addFilterBefore(apiAuthenticationFilter(), BasicAuthenticationFilter.class)
@@ -161,6 +160,22 @@ public class SecurityConfig {
         return handler;
     }
 
+    @Bean
+    SecurityFilterChain h2ConsoFilterChain(HttpSecurity http) throws Exception {
+        http.securityMatcher("/h2-console/**")
+                .authorizeHttpRequests(auth -> auth
+                        .anyRequest().permitAll())
+                .anonymous(anonymous -> anonymous.principal(JuickUser.ANONYMOUS_USER)
+                        .authorities(JuickUser.ANONYMOUS_AUTHORITY))
+                .csrf().disable()
+                .sessionManagement(sessionManagement -> sessionManagement
+                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .exceptionHandling(exceptionHandling -> exceptionHandling
+                        .authenticationEntryPoint(juickAuthenticationEntryPoint()))
+                .headers().defaultsDisabled().cacheControl();
+        return http.build();
+    }
+
     @Bean
     SecurityFilterChain wwwChain(HttpSecurity http) throws Exception {
         http.addFilterBefore(wwwAuthenticationFilter(), BasicAuthenticationFilter.class)
-- 
cgit v1.2.3