From 9202c52640f82e6cbaf647ad022dc64324b6041d Mon Sep 17 00:00:00 2001 From: Sambo Chea Date: Sun, 8 Aug 2021 17:40:08 +0700 Subject: [PATCH] Task: Add security configuration and implement for auth service and configs --- .../graphql/demo/config/WebSecurityConfig.kt | 17 ++++++++++++++++- .../graphql/demo/secutiry/AuthService.kt | 12 ++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 dgs-graphql/src/main/kotlin/com/cubetiqs/graphql/demo/secutiry/AuthService.kt diff --git a/dgs-graphql/src/main/kotlin/com/cubetiqs/graphql/demo/config/WebSecurityConfig.kt b/dgs-graphql/src/main/kotlin/com/cubetiqs/graphql/demo/config/WebSecurityConfig.kt index fd14544..52075ba 100644 --- a/dgs-graphql/src/main/kotlin/com/cubetiqs/graphql/demo/config/WebSecurityConfig.kt +++ b/dgs-graphql/src/main/kotlin/com/cubetiqs/graphql/demo/config/WebSecurityConfig.kt @@ -1,5 +1,9 @@ package com.cubetiqs.graphql.demo.config +import com.cubetiqs.graphql.demo.secutiry.AuthService +import com.cubetiqs.security.jwt.AuthenticationExceptionEntryPoint +import com.cubetiqs.security.jwt.JwtSecurityConfigurer +import org.springframework.beans.factory.annotation.Autowired import org.springframework.context.annotation.Configuration import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity import org.springframework.security.config.annotation.web.builders.HttpSecurity @@ -11,11 +15,22 @@ import org.springframework.security.config.http.SessionCreationPolicy @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) class WebSecurityConfig : WebSecurityConfigurerAdapter() { + @Autowired + private lateinit var authService: AuthService + override fun configure(http: HttpSecurity) { - http.csrf().disable() + http.csrf() + .and() + .httpBasic() + .disable() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() + .exceptionHandling() + .authenticationEntryPoint(AuthenticationExceptionEntryPoint()) + .and() + .apply(JwtSecurityConfigurer(authService)) + .and() .authorizeRequests() .anyRequest() .permitAll() diff --git a/dgs-graphql/src/main/kotlin/com/cubetiqs/graphql/demo/secutiry/AuthService.kt b/dgs-graphql/src/main/kotlin/com/cubetiqs/graphql/demo/secutiry/AuthService.kt new file mode 100644 index 0000000..8a62126 --- /dev/null +++ b/dgs-graphql/src/main/kotlin/com/cubetiqs/graphql/demo/secutiry/AuthService.kt @@ -0,0 +1,12 @@ +package com.cubetiqs.graphql.demo.secutiry + +import org.springframework.security.core.userdetails.UserDetails +import org.springframework.security.core.userdetails.UserDetailsService +import org.springframework.stereotype.Service + +@Service +class AuthService : UserDetailsService { + override fun loadUserByUsername(username: String?): UserDetails { + TODO("Not yet implemented") + } +} \ No newline at end of file