April 29, 2025

Tesdfghjkl;'

Bill04 mins
Tesdfghjkl;'


package com.infra_automation.config;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.header.writers.StaticHeadersWriter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@EnableWebSecurity
@Configuration
public class SecurityConfig {

private final String authApiBaseURL;
private final String registrationURL;
private final String loginURL;

@Autowired
public SecurityConfig(
        @Value("${api.auth.registration.url}") String registrationURL,
        @Value("${api.auth.base.url}") String authApiBaseUrl,
        @Value("${api.auth.login.url}") String loginURL,
        @Value("${auth.allow.origin}") String allowOriginUrl,
        @Value("#{'${auth.allow.method}'.split(',')}") List<String> allowMethods
) {
    this.registrationURL = registrationURL;
    this.loginURL = loginURL;
    this.authApiBaseURL = authApiBaseUrl;
}

@Bean
public CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(List.of("https://ekam.npci.org.in", "http://localhost:3003"));
    configuration.setAllowedMethods(List.of("GET", "POST", "DELETE", "PUT"));
    configuration.setAllowedHeaders(List.of("*"));
    configuration.setAllowCredentials(false);

    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}

@Bean
public SecurityFilterChain securityFilterChain(
        HttpSecurity httpSecurity,
        JwtAuthenticationFilter jwtAuthenticationFilter,
        JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint
) throws Exception {

    httpSecurity
            .csrf(AbstractHttpConfigurer::disable)
            .cors(Customizer.withDefaults())
            .authorizeHttpRequests(auth -> auth
                    .requestMatchers(
                            authApiBaseURL + registrationURL + "/**",
                            authApiBaseURL + loginURL + "/**",
                            "/InfraBk/api/v1/inventory/flushDb",
                            "/InfraBk/api/v1/inventory/upload-inventory",
                            "InfraBk/api/v1/users/getProjectByName/**",
                            "InfraBk/api/v1/trackings/**"

                    ).permitAll()
                    .anyRequest().authenticated())
            .exceptionHandling(exception ->
                    exception.authenticationEntryPoint(jwtAuthenticationEntryPoint))
            .sessionManagement(session ->
                    session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .headers(headers -> headers
                    .defaultsDisabled()
                    .addHeaderWriter(new StaticHeadersWriter("Expect-CT", "max-age=3600, enforce"))
                    .addHeaderWriter(new StaticHeadersWriter("Referrer-Policy", "strict-origin-when-cross-origin"))
                    .addHeaderWriter(new StaticHeadersWriter("Permissions-Policy", "geolocation=(), microphone=(), camera=(), interest-cohort=()"))
                    .addHeaderWriter((request, response) -> response.setHeader("Content-Security-Policy",
                            "default-src 'self'; " +
                                    "script-src 'self'; " +
                                    "frame-ancestors 'self'; " +
                                    "img-src 'self'; " +
                                    "style-src 'self'; " +
                                    "object-src 'none'; " +
                                    "frame-src 'self'; " +
                                    "form-action 'self'; " +
                                    "media-src 'self';"
                    ))
            )
            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

    return httpSecurity.build();
}

@Bean
public InMemoryUserDetailsManager userDetailsManager() {
    return new InMemoryUserDetailsManager();
}

@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
        throws Exception {
    return authenticationConfiguration.getAuthenticationManager();
}

}



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Related News