fiscad/src/main/java/io/gmss/fiscad/configuration/SpringSecurityConfig.java
gestion revu de code en utilisant uniquement les DTO

package io.gmss.fiscad.configuration;
import io.gmss.fiscad.security.JwtAuthenticationEntryPoint;
import io.gmss.fiscad.security.JwtAuthenticationFilter;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import java.util.List;
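@EnableWebSecurity
@Configuration
@EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true, prePostEnabled = true)
@RequiredArgsConstructor
public class SpringSecurityConfig {

    private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
    private final AuthenticationProvider authenticationProvider;
    private final JwtAuthenticationFilter jwtAuthenticationFilter;

    /**
     * Ant-style paths that may be called without a JWT. Everything else is forced
     * through {@code anyRequest().authenticated()} in {@link #securityFilterChain}.
     *
     * <p>The former catch-all {@code "/api/**"} entry (annotated "remove before
     * production") has been dropped. Because authorization rules are evaluated in
     * order and the first match wins, that entry matched before the
     * {@code authenticated()} fallback and made the entire API reachable without a
     * token, unless a given controller method happened to carry its own method-level
     * annotation. It also made the three more specific {@code /api/...} entries below
     * redundant. If an unauthenticated API is needed for local development, gate it
     * behind a Spring profile or property rather than a pattern that has to be
     * remembered at release time.
     *
     * <p>NOTE(review): the OpenAPI / Swagger UI paths are public here. Confirm that is
     * intended for production, since they enumerate every endpoint and its parameters.
     * {@code /error} stays public so Spring Boot's error dispatch is not itself
     * rejected by this chain.
     */
    private static final String[] PUBLIC_ENDPOINTS = {
            "/api/auth/login",
            "/api/open/**",
            "/api/synchronisation/references",
            "/v3/api-docs/**",
            "/swagger-ui/**",
            "/swagger-ui.html",
            "/error"
    };

    /**
     * Builds the single, stateless security filter chain for the application.
     *
     * <p>Order of the authorization rules matters: CORS preflight ({@code OPTIONS}) is
     * allowed first, then the public paths, then every remaining request must carry a
     * valid authentication established by {@link JwtAuthenticationFilter}, which is
     * inserted ahead of {@link UsernamePasswordAuthenticationFilter}.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception propagated from {@link HttpSecurity#build()}
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                // CSRF protection is disabled because the API is stateless and the JWT
                // is expected in a request header. This is only safe while the token is
                // NOT carried in a cookie: a cookie-borne token is sent automatically by
                // the browser and would make every state-changing endpoint CSRF-able
                // again, in which case this line must be revisited.
                .csrf(AbstractHttpConfigurer::disable)
                // Shared CORS policy (see corsConfigurationSource()).
                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                // Unauthenticated requests are answered by the JWT entry point instead of
                // a redirect to a login page.
                .exceptionHandling(ex -> ex.authenticationEntryPoint(jwtAuthenticationEntryPoint))
                // No HTTP session is ever created; every request must re-present its token.
                .sessionManagement(session ->
                        session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(auth -> auth
                        // CORS preflight never carries credentials; let it through.
                        .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                        .requestMatchers(PUBLIC_ENDPOINTS).permitAll()
                        .anyRequest().authenticated())
                .authenticationProvider(authenticationProvider)
                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    /**
     * Centralised CORS policy used by the filter chain above.
     *
     * <p>Origins are currently wide open ({@code "*"}). That is tolerable only because
     * {@code allowCredentials} is {@code false}: browsers will not attach cookies or
     * HTTP-auth credentials to cross-origin calls, and Spring would refuse the
     * combination of a wildcard origin with credentials enabled. Before production,
     * replace the wildcard with the explicit front-end origin(s) so that an arbitrary
     * web page cannot drive this API from a user's browser. Do not flip
     * {@code allowCredentials} to {@code true} without also naming concrete origins.
     *
     * @return a source that returns the same policy for every request
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        return request -> {
            CorsConfiguration policy = new CorsConfiguration();
            policy.setAllowedOrigins(List.of("*")); // TODO(prod): restrict to the front-end origin(s)
            policy.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
            policy.setAllowedHeaders(List.of("*"));
            policy.setAllowCredentials(false);
            return policy;
        };
    }
}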
/*
import io.gmss.fiscad.security.JwtAuthenticationEntryPoint;
import io.gmss.fiscad.security.JwtAuthenticationFilter;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import java.util.Arrays;
import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true, prePostEnabled = true)
@RequiredArgsConstructor
public class SpringSecurityConfig {
private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
private final AuthenticationProvider authenticationProvider;
private final JwtAuthenticationFilter jwtAuthenticationFilter;
private static final String[] AUTH_WHITELIST = {
// "/api/**",
"/api/auth/login",
"/api/open/**",
"/api/synchronisation/references",
"/v3/api-docs/**",
"/swagger-ui/**",
"/swagger-ui.html",
"/error"
};
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.cors(cors -> cors.configurationSource(request -> {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("*"));
configuration.setAllowedHeaders(Arrays.asList("*"));
return configuration;
}))
.csrf(AbstractHttpConfigurer::disable)
// .csrf(csrf -> {
// csrf.ignoringRequestMatchers("/api/**");
// })
.exceptionHandling(ex -> ex.authenticationEntryPoint(jwtAuthenticationEntryPoint))
.authorizeHttpRequests(req ->
req
.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.requestMatchers(AUTH_WHITELIST).permitAll()
.anyRequest()
.authenticated()
)
.authenticationProvider(authenticationProvider)
.sessionManagement(session -> session.sessionCreationPolicy(STATELESS))
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
;
return http.build();
}
}*/