Fix SecurityConfig and JwtRequestFilter

2025-01-30 17:43:57 +01:00
parent 0293a35d52
commit 2bfe3a7c59
2 changed files with 14 additions and 6 deletions


@ -30,12 +30,12 @@ public class SecurityConfig {
@Bean @Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http http
.authorizeHttpRequests(auth -> auth .csrf(AbstractHttpConfigurer::disable)
.requestMatchers("/authenticate", "/register").permitAll() // Public endpoints .authorizeHttpRequests(auth -> auth
.anyRequest().authenticated() // All other endpoints require authentication .requestMatchers("/token").permitAll() // Public endpoints
) .anyRequest().authenticated() // All other endpoints require authentication
.csrf(AbstractHttpConfigurer::disable) )
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class); http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
return http.build(); return http.build();
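Review bot: The new `.requestMatchers("/token").permitAll()` rule opens the token endpoint to every HTTP method, although a token-issuing endpoint normally needs only one. If `/token` is a POST endpoint (its controller is not visible here), `.requestMatchers(HttpMethod.POST, "/token").permitAll()` would leave the other verbs behind `anyRequest().authenticated()`. The `.csrf(AbstractHttpConfigurer::disable)` line should also carry a comment stating the assumption it depends on, for example `// CSRF disabled: stateless API, JWT is sent in the Authorization header and never in a cookie`. How the token is transported is not shown in this hunk, so confirm that before adding the comment. The closing brace of `securityFilterChain` lies outside the hunk.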


@ -15,9 +15,11 @@ import org.springframework.web.filter.OncePerRequestFilter;
import ch.dlmw.swisssignchallenge.utils.JwtUtil; import ch.dlmw.swisssignchallenge.utils.JwtUtil;
import java.io.IOException; import java.io.IOException;
import java.util.List;
@Component @Component
public class JwtRequestFilter extends OncePerRequestFilter { public class JwtRequestFilter extends OncePerRequestFilter {
private static final List<String> EXCLUDED_URIS = List.of("/token");
@Autowired @Autowired
private UserDetailsService userDetailsService; private UserDetailsService userDetailsService;
@ -50,4 +52,10 @@ public class JwtRequestFilter extends OncePerRequestFilter {
filterChain.doFilter(request, response); filterChain.doFilter(request, response);
} }
@Override
protected boolean shouldNotFilter(HttpServletRequest request) {
var path = request.getRequestURI();
return EXCLUDED_URIS.contains(path);
}
} }
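Review bot: `shouldNotFilter` compares `request.getRequestURI()` to `"/token"` by exact string equality, but `getRequestURI()` includes the context path and is not decoded or normalised. If the application is deployed under a non-root context path, or the request carries a path parameter or trailing slash, the exclusion will not match and the JWT filter will run on the token endpoint anyway. Comparing the path without the context path, e.g. `return EXCLUDED_URIS.contains(request.getServletPath());`, is one option, assuming the dispatcher servlet is mapped at `/`. The public-endpoint list now also exists twice, here in `EXCLUDED_URIS` and in `SecurityConfig`'s `requestMatchers("/token")`, so it should come from one shared constant, or at least carry a comment such as `// must stay in sync with the permitAll() matchers in SecurityConfig`. The body of `doFilterInternal` is outside the hunk, so what happens when the filter does run on `/token` cannot be judged from here.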