Class BaseSecurityConfig
java.lang.Object
at.jku.dke.etutor.task_app.config.BaseSecurityConfig
@EnableWebSecurity
@EnableMethodSecurity
@EnableConfigurationProperties(ApiKeyConfiguration.class)
@ComponentScan(basePackageClasses={AuthenticationService.class,ProblemDetailsExceptionHandler.class})
public abstract class BaseSecurityConfig
extends Object
Base class for security configuration.
Extend this class and add the Configuration annotation to the subclass.
This class configures the following:
- CSRF protection is disabled
- Secure HTTP headers are configured (Referrer Policy, Frame Options, XSS Protection)
- HTTP request authorizations are configured (all /api/ endpoints must be authenticated, the actuator endpoints health/* are permitted for all, info requires authentication, and all other actuator endpoints require the CRUD authority)
- Session management is configured to stateless
- An AuthenticationFilter is added to the filter chain
- Additional configuration can be done by overriding the additionalHttpRequestAuthorizationCustomization(AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry) method
- Additional configuration can be done by overriding the additionalFilterChainCustomization(HttpSecurity) method
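
A subclass that uses both extension hooks, as an added example (not code from the project). The package and class names, the /docs/** and /maintenance/** paths, the literal authority string "CRUD", and the assumption that the authorization hook runs before any catch-all rule is registered are assumptions; the calls used are Spring Security 6 APIs.

```java
package com.example.taskapp.config; // hypothetical package

import at.jku.dke.etutor.task_app.config.BaseSecurityConfig;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;

/** Added example: concrete subclass; the filterChain bean itself comes from the base class. */
@Configuration
public class TaskAppSecurityConfig extends BaseSecurityConfig {

    @Override
    protected void additionalHttpRequestAuthorizationCustomization(
            AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry registry) {
        // Hypothetical paths outside /api/, which the base class already requires authentication for.
        // Read-only documentation: open to everyone, but only for GET.
        registry.requestMatchers(HttpMethod.GET, "/docs/**").permitAll();
        // Maintenance endpoints: require the same authority the base class demands for
        // the non-public actuator endpoints ("CRUD" is assumed to be the literal authority name).
        registry.requestMatchers("/maintenance/**").hasAuthority("CRUD");
    }

    @Override
    protected void additionalFilterChainCustomization(HttpSecurity http) throws Exception {
        // Add a restrictive Content-Security-Policy alongside the headers the base class
        // configures (Referrer Policy, Frame Options, XSS Protection).
        http.headers(headers -> headers
                .contentSecurityPolicy(csp -> csp
                        .policyDirectives("default-src 'none'; frame-ancestors 'none'")));
    }
}
```

The base class disables CSRF protection and keeps sessions stateless, so a subclass that introduces cookie- or session-based authentication in additionalFilterChainCustomization would also have to re-enable CSRF protection there.
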
Constructor Summary
Constructors

Method Summary
Modifier and Type | Method | Description
--- | --- | ---
protected void | additionalFilterChainCustomization(org.springframework.security.config.annotation.web.builders.HttpSecurity http) | Override this method to customize the security filter chain.
protected void | additionalHttpRequestAuthorizationCustomization(org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>.AuthorizationManagerRequestMatcherRegistry registry) | Override this method to configure additional HTTP request authorizations.
org.springframework.security.web.SecurityFilterChain | filterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http, AuthenticationService authenticationService) | Configures the application's security filter chain.

Constructor Details
BaseSecurityConfig
protected BaseSecurityConfig()
Creates a new instance of class BaseSecurityConfig.

Method Details
filterChain
@Bean public org.springframework.security.web.SecurityFilterChain filterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http, AuthenticationService authenticationService) throws Exception
Configures the application's security filter chain.
Parameters:
http - The HTTP security configuration.
authenticationService - The authentication service.
Returns:
The security filter chain.
Throws:
Exception - If the configuration fails.

additionalHttpRequestAuthorizationCustomization
protected void additionalHttpRequestAuthorizationCustomization(org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>.AuthorizationManagerRequestMatcherRegistry registry)
Override this method to configure additional HTTP request authorizations.
Parameters:
registry - The request matcher registry.

additionalFilterChainCustomization
protected void additionalFilterChainCustomization(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
Override this method to customize the security filter chain.
Parameters:
http - The HTTP security configuration.
Throws:
Exception - If the customization fails.