TrisolarisServer/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
androidlover5842 2c337b8709
Return 401 for auth failures and log verify
2026-01-26 21:36:22 +05:30


package com.android.trisolarisserver.security
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
import org.springframework.security.web.authentication.HttpStatusEntryPoint
import org.springframework.http.HttpStatus
/**
 * Spring Security configuration for the HTTP API.
 *
 * Builds a single stateless filter chain in which [FirebaseAuthFilter] runs ahead of
 * [UsernamePasswordAuthenticationFilter]; form login and HTTP Basic are switched off, so that
 * filter is the only authentication mechanism configured here. Method-level security
 * annotations are enabled through [EnableMethodSecurity].
 *
 * @property firebaseAuthFilter filter inserted into the chain by [filterChain]; its token
 * handling is not visible in this file.
 */
@Configuration(proxyBeanMethods = false)
@EnableMethodSecurity
class SecurityConfig(
    private val firebaseAuthFilter: FirebaseAuthFilter
) {

    /**
     * Assembles the application's [SecurityFilterChain].
     *
     * `/`, `/health` and everything under `/auth/` are reachable without authentication; every
     * other request must be authenticated. Both the authentication entry point and the
     * access-denied handler answer with HTTP 401.
     *
     * @param http builder supplied by Spring Security
     * @return the built filter chain
     */
    @Bean
    fun filterChain(http: HttpSecurity): SecurityFilterChain {
        val unauthorized = HttpStatus.UNAUTHORIZED

        // CSRF protection is off. That is only sound for a stateless API whose credential
        // travels in a request header, never in a cookie the browser attaches on its own.
        // NOTE(review): FirebaseAuthFilter is not shown here - confirm it reads no cookie.
        http.csrf { csrf -> csrf.disable() }

        // No HttpSession is created or consulted, so each request must carry its own credential.
        http.sessionManagement { sessions ->
            sessions.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        }

        // permitAll() relaxes authorization only; the filter added below still sees these
        // requests. "/auth/**" is a prefix match, so any handler later placed under /auth/
        // becomes public as well - keep endpoints that need a verified caller out of it.
        http.authorizeHttpRequests { requests ->
            requests.requestMatchers("/", "/health", "/auth/**").permitAll()
            requests.anyRequest().authenticated()
        }

        http.exceptionHandling { handling ->
            handling
                // Bare 401 for unauthenticated requests.
                .authenticationEntryPoint(HttpStatusEntryPoint(unauthorized))
                // NOTE(review): an authenticated caller who fails an authorization check
                // (for example a method-security rule) also receives 401 rather than 403,
                // so clients and monitoring cannot tell "invalid or missing token" from
                // "valid token, insufficient rights" by status code. Confirm this is intended.
                .accessDeniedHandler { _, response, _ ->
                    response.sendError(unauthorized.value(), "Unauthorized")
                }
        }

        // Disable the built-in credential mechanisms.
        http.httpBasic { basic -> basic.disable() }
        http.formLogin { form -> form.disable() }

        // NOTE(review): firebaseAuthFilter is constructor-injected, so it is a Spring bean.
        // If this runs under Spring Boot, Filter beans are also registered with the servlet
        // container by default - verify the filter is not additionally executed outside
        // this security chain.
        http.addFilterBefore(firebaseAuthFilter, UsernamePasswordAuthenticationFilter::class.java)

        return http.build()
    }
}