Fix SecurityConfig and JwtRequestFilter

2025-01-30 17:43:57 +01:00
parent 0293a35d52
commit 2bfe3a7c59
2 changed files with 14 additions and 6 deletions
--- a/src/main/java/ch/dlmw/swisssignchallenge/config/SecurityConfig.java
+++ b/src/main/java/ch/dlmw/swisssignchallenge/config/SecurityConfig.java
@ -30,11 +30,11 @@ public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
+            .csrf(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(auth -> auth
-                        .requestMatchers("/authenticate", "/register").permitAll() // Public endpoints
+                .requestMatchers("/token").permitAll() // Public endpoints
                .anyRequest().authenticated() // All other endpoints require authentication
            )
-                .csrf(AbstractHttpConfigurer::disable)
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
--- a/src/main/java/ch/dlmw/swisssignchallenge/filters/JwtRequestFilter.java
+++ b/src/main/java/ch/dlmw/swisssignchallenge/filters/JwtRequestFilter.java
@ -15,9 +15,11 @@ import org.springframework.web.filter.OncePerRequestFilter;
 import ch.dlmw.swisssignchallenge.utils.JwtUtil;

 import java.io.IOException;
+import java.util.List;

@Component
 public class JwtRequestFilter extends OncePerRequestFilter {
+    private static final List<String> EXCLUDED_URIS = List.of("/token");

    @Autowired
    private UserDetailsService userDetailsService;
@ -50,4 +52,10 @@ public class JwtRequestFilter extends OncePerRequestFilter {

        filterChain.doFilter(request, response);
    }
+
+    @Override
+    protected boolean shouldNotFilter(HttpServletRequest request) {
+        var path = request.getRequestURI();
+        return EXCLUDED_URIS.contains(path);
+    }
 }