• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• spring-security-jwt-csrf-master
  • LICENSE
  • backend
    • src
      • main
        • resources
          • application.properties
        • java
          • com
            • alexatiks
              • security
                • TokenAuthenticationHelper.java
                • JWTLoginFilter.java
                • JWTAuthenticationFilter.java
              • config
                • WebSecurityConfiguration.java
              • Application.java
              • controller
                • TestController.java
    • gradle
      • wrapper
        • gradle-wrapper.properties
    • gradlew.bat
    • gradlew
    • build.gradle
    • .gitignore
  • README.en.md
  • .gitattributes
  • README.md
  • frontend
    • src
      • event-bus.js
      • main.js
      • router
        • index.js
      • components
        • NotFound.vue
        • Secured.vue
        • Home.vue
        • SignIn.vue
      • plugins
        • vuetify.js
      • store
        • state.js
        • getters.js
        • mutations.js
        • index.js
        • actions.js
      • App.vue
    • public
      • favicon.ico
      • index.html
    • .editorconfig
    • .browserslistrc
    • vue.config.js
    • README.md
    • package.json
    • .eslintrc.js
    • .gitignore
  • screenshots
  • .gitignore

package com.alexatiks.config;



import com.alexatiks.security.JWTAuthenticationFilter;
import com.alexatiks.security.JWTLoginFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.Arrays;

@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.setAllowedOrigins(Arrays.asList("http://localhost:8080"));
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors()
            .and()
                .csrf()
                .ignoringAntMatchers("/login")
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
                .authorizeRequests()
                .antMatchers("/onlyforadmin/**").hasAuthority("ADMIN")
                .antMatchers("/secured/**").hasAnyAuthority("USER", "ADMIN")
                .antMatchers("/**").permitAll()
            .and()
                .addFilterBefore(new JWTLoginFilter("/login", authenticationManager()), UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .withUser("admin").password("{noop}password").authorities("USER", "ADMIN")
            .and()
                .withUser("user").password("{noop}password").authorities("USER");
    }
}