Task: Add security configuration and implement for auth service and configs

2021-08-08 17:40:08 +07:00 · 2021-08-08 17:40:08 +07:00 · 9202c52640
parent 0c2669d153
commit 9202c52640
2 changed files with 28 additions and 1 deletions
--- a/dgs-graphql/src/main/kotlin/com/cubetiqs/graphql/demo/config/WebSecurityConfig.kt
+++ b/dgs-graphql/src/main/kotlin/com/cubetiqs/graphql/demo/config/WebSecurityConfig.kt
@ -1,5 +1,9 @@
 package com.cubetiqs.graphql.demo.config

+import com.cubetiqs.graphql.demo.secutiry.AuthService
+import com.cubetiqs.security.jwt.AuthenticationExceptionEntryPoint
+import com.cubetiqs.security.jwt.JwtSecurityConfigurer
+import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
@ -11,11 +15,22 @@ import org.springframework.security.config.http.SessionCreationPolicy
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 class WebSecurityConfig : WebSecurityConfigurerAdapter() {
+    @Autowired
+    private lateinit var authService: AuthService
+
    override fun configure(http: HttpSecurity) {
-        http.csrf().disable()
+        http.csrf()
+            .and()
+            .httpBasic()
+            .disable()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
+            .exceptionHandling()
+            .authenticationEntryPoint(AuthenticationExceptionEntryPoint())
+            .and()
+            .apply(JwtSecurityConfigurer(authService))
+            .and()
            .authorizeRequests()
            .anyRequest()
            .permitAll()
--- a/dgs-graphql/src/main/kotlin/com/cubetiqs/graphql/demo/secutiry/AuthService.kt
+++ b/dgs-graphql/src/main/kotlin/com/cubetiqs/graphql/demo/secutiry/AuthService.kt
@ -0,0 +1,12 @@
+package com.cubetiqs.graphql.demo.secutiry
+
+import org.springframework.security.core.userdetails.UserDetails
+import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.stereotype.Service
+
+@Service
+class AuthService : UserDetailsService {
+    override fun loadUserByUsername(username: String?): UserDetails {
+        TODO("Not yet implemented")
+    }
+}