package com.android.trisolarisserver.security
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.core.annotation.Order
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
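/**
 * Spring Security wiring: two ordered filter chains plus a retained [WebSecurityCustomizer] bean.
 *
 * - [publicChain] (order 1) serves `/`, `/health` and `/auth/**` without authentication.
 * - [apiChain] (order 2) declares no security matcher, so it handles every request the first chain
 *   does not claim; it requires authentication and installs [FirebaseAuthFilter].
 *
 * NOTE(review): everything under `/auth/**` is reachable without credentials. Confirm that each
 * handler mapped there is meant to be public, or narrow the pattern to the exact endpoints.
 *
 * NOTE(review): if [FirebaseAuthFilter] is itself a servlet `Filter` bean (for example annotated
 * `@Component`), Spring Boot may also register it with the servlet container, where it would run
 * for every request regardless of these chains. Verify, and if so disable that registration
 * with a `FilterRegistrationBean`.
 */
@Configuration(proxyBeanMethods = false)
@EnableMethodSecurity
class SecurityConfig(
    private val firebaseAuthFilter: FirebaseAuthFilter
) {
    /**
     * Retained so the `webSecurityCustomizer` bean still exists; it no longer ignores any path.
     *
     * This bean used to call `ignoring()` for `/`, `/health` and `/auth/**`. Ignored requests skip
     * every Spring Security filter, so [publicChain] (which matches the same patterns) was never
     * selected and those responses went out without the headers the chain writes. Public access
     * is now expressed once, through `permitAll()` in [publicChain].
     */
    @Bean
    fun webSecurityCustomizer(): WebSecurityCustomizer =
        WebSecurityCustomizer { /* intentionally empty: no request bypasses the filter chains */ }

    /**
     * Filter chain for the unauthenticated endpoints.
     *
     * Restricted by `securityMatcher` to `/`, `/health` and `/auth/**`; every matched request is
     * permitted. CSRF, HTTP Basic and form login are disabled, and the session policy is
     * `STATELESS` (as in [apiChain]) so Spring Security does not create or consult an HTTP
     * session for these paths.
     *
     * @param http builder supplied by Spring Security for this chain
     * @return the built chain, evaluated first because of `@Order(1)`
     */
    @Bean
    @Order(1)
    fun publicChain(http: HttpSecurity): SecurityFilterChain {
        http
            .securityMatcher("/", "/health", "/auth/**")
            .csrf { it.disable() }
            .sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
            .authorizeHttpRequests { it.anyRequest().permitAll() }
            .httpBasic { it.disable() }
            .formLogin { it.disable() }
        return http.build()
    }

    /**
     * Filter chain for everything else: stateless and authenticated.
     *
     * [FirebaseAuthFilter] is placed before the [UsernamePasswordAuthenticationFilter] position so
     * that it runs ahead of the authorization check. Because `anyRequest().authenticated()` is the
     * only rule, a request that the filter does not authenticate is rejected.
     *
     * NOTE(review): CSRF protection is disabled. That assumes the credential travels in a request
     * header rather than a cookie. Confirm against [FirebaseAuthFilter].
     *
     * NOTE(review): no authentication entry point is configured here and Basic and form login are
     * off, so unauthenticated requests will probably be answered with 403 rather than 401.
     * Confirm that this is what clients expect.
     *
     * @param http builder supplied by Spring Security for this chain
     * @return the built chain, evaluated after [publicChain] because of `@Order(2)`
     */
    @Bean
    @Order(2)
    fun apiChain(http: HttpSecurity): SecurityFilterChain {
        http
            .csrf { it.disable() }
            .sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
            .authorizeHttpRequests {
                it.anyRequest().authenticated()
            }
            .httpBasic { it.disable() }
            .formLogin { it.disable() }
            .addFilterBefore(firebaseAuthFilter, UsernamePasswordAuthenticationFilter::class.java)
        return http.build()
    }
}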