diff --git a/src/main/java/com/alibou/security/config/JwtAuthenticationFilter.java b/src/main/java/com/alibou/security/config/JwtAuthenticationFilter.java
index d6e55d1..a1c87cc 100644
--- a/src/main/java/com/alibou/security/config/JwtAuthenticationFilter.java
+++ b/src/main/java/com/alibou/security/config/JwtAuthenticationFilter.java
@@ -9,6 +9,7 @@ import java.beans.Transient;
 import java.io.IOException;
 import java.security.Security;
+import java.util.Arrays;
 import jakarta.transaction.TransactionScoped;
 import jakarta.transaction.Transactional;
@@ -21,6 +22,7 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
+import org.springframework.util.AntPathMatcher;
 @Component
 @RequiredArgsConstructor
@@ -30,23 +32,27 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 private final UserDetailsService userDetailsService;
 private final TokenRepository tokenRepository;
+ private final AntPathMatcher antPathMatcher = new AntPathMatcher();
+
 @Override
 protected void doFilterInternal(
 @NonNull HttpServletRequest request,
 @NonNull HttpServletResponse response,
 @NonNull FilterChain filterChain
 ) throws ServletException, IOException {
- if (request.getServletPath().contains("/api/v1/auth")) {
- filterChain.doFilter(request, response);
- return;
- }
 final String authHeader = request.getHeader("Authorization");
 final String jwt;
 final String userEmail;
- if (authHeader == null ||!authHeader.startsWith("Bearer ")) {
+
+ if( Arrays.stream(SecurityConfiguration.whiteListedRoutes).anyMatch(route -> antPathMatcher.match(route, req.getServletPath())) || authHeader == null || !authHeader.startsWith("Bearer ") ) {
 filterChain.doFilter(request, response);
 return;
 }
+
 jwt = authHeader.substring(7);
 userEmail = jwtService.extractUsername(jwt);
 if (userEmail != null && SecurityContextHolder.getContext().getAuthentication() == null) {
diff --git a/src/main/java/com/alibou/security/config/SecurityConfiguration.java b/src/main/java/com/alibou/security/config/SecurityConfiguration.java
index 9d899a2..5813018 100644
--- a/src/main/java/com/alibou/security/config/SecurityConfiguration.java
+++ b/src/main/java/com/alibou/security/config/SecurityConfiguration.java
@@ -1,6 +1,5 @@
 package com.alibou.security.config;
-import jakarta.servlet.Filter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
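Review bot: The new whitelist check calls `req.getServletPath()`, but the method parameter declared in this hunk is `@NonNull HttpServletRequest request`, so `req` is an unresolved symbol and the filter will not compile; it should read `antPathMatcher.match(route, request.getServletPath())`. Since the path is fixed for the duration of the request, hoisting it out of the lambda avoids re-reading it for every pattern: `final String path = request.getServletPath();` followed by `route -> antPathMatcher.match(route, path)`. Note that `getServletPath()` only equals the full request path when the dispatcher servlet is mapped at `/`; if that is not the case in this project, matching against the request URI minus the context path is the safer input for the Ant patterns. doFilterInternal's body continues past the end of the hunk.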
@@ -40,6 +39,19 @@ public class SecurityConfiguration {
 private final JwtAuthenticationFilter jwtAuthFilter;
 private final AuthenticationProvider authenticationProvider;
 private final LogoutHandler logoutHandler;
+ public static final String[] whiteListedRoutes = new String[]{
+ "/api/v1/auth/**",
+ "/v2/api-docs",
+ "/v3/api-docs",
+ "/v3/api-docs/**",
+ "/swagger-resources",
+ "/swagger-resources/**",
+ "/configuration/ui",
+ "/configuration/security",
+ "/swagger-ui/**",
+ "/webjars/**",
+ "/swagger-ui.html"
+ };
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@@ -47,20 +59,8 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 .csrf()
 .disable()
 .authorizeHttpRequests()
- .requestMatchers(
- "/api/v1/auth/**",
- "/v2/api-docs",
- "/v3/api-docs",
- "/v3/api-docs/**",
- "/swagger-resources",
- "/swagger-resources/**",
- "/configuration/ui",
- "/configuration/security",
- "/swagger-ui/**",
- "/webjars/**",
- "/swagger-ui.html"
- )
- .permitAll()
+ .requestMatchers(whiteListedRoutes)
+ .permitAll()
 .requestMatchers("/api/v1/management/**").hasAnyRole(ADMIN.name(), MANAGER.name())
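Review bot: `whiteListedRoutes` is declared as a `public static final String[]`, which makes the reference constant but not the contents: any code holding the array can overwrite an entry at runtime, and because this one array now feeds both the `permitAll()` matcher and the JWT filter's bypass check, a stray write would silently widen the unauthenticated surface in two places at once. Prefer an immutable `public static final List<String> WHITE_LISTED_ROUTES = List.of(...)` (which also follows the UPPER_SNAKE_CASE constant convention), pass it to the filter chain as `.requestMatchers(WHITE_LISTED_ROUTES.toArray(String[]::new))`, and iterate it with `WHITE_LISTED_ROUTES.stream()` in the filter. A one-line comment above the constant stating that it is shared by both the authorization rules and the JWT filter would tell a future maintainer why editing it has two effects. The `securityFilterChain` method that consumes the constant starts in this hunk, but its body continues beyond it.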