Task: Add security configuration and implement for auth service and configs

This commit is contained in:
Sambo Chea 2021-08-08 17:40:08 +07:00
parent 0c2669d153
commit 9202c52640
2 changed files with 28 additions and 1 deletions

View File

@ -1,5 +1,9 @@
package com.cubetiqs.graphql.demo.config package com.cubetiqs.graphql.demo.config
import com.cubetiqs.graphql.demo.secutiry.AuthService
import com.cubetiqs.security.jwt.AuthenticationExceptionEntryPoint
import com.cubetiqs.security.jwt.JwtSecurityConfigurer
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Configuration import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.builders.HttpSecurity
@ -11,11 +15,22 @@ import org.springframework.security.config.http.SessionCreationPolicy
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
class WebSecurityConfig : WebSecurityConfigurerAdapter() { class WebSecurityConfig : WebSecurityConfigurerAdapter() {
@Autowired
private lateinit var authService: AuthService
override fun configure(http: HttpSecurity) { override fun configure(http: HttpSecurity) {
http.csrf().disable() http.csrf()
.and()
.httpBasic()
.disable()
.sessionManagement() .sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS) .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and() .and()
.exceptionHandling()
.authenticationEntryPoint(AuthenticationExceptionEntryPoint())
.and()
.apply(JwtSecurityConfigurer(authService))
.and()
.authorizeRequests() .authorizeRequests()
.anyRequest() .anyRequest()
.permitAll() .permitAll()

View File

@ -0,0 +1,12 @@
package com.cubetiqs.graphql.demo.secutiry
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.stereotype.Service
@Service
class AuthService : UserDetailsService {
override fun loadUserByUsername(username: String?): UserDetails {
TODO("Not yet implemented")
}
}