Merge pull request #75 from AnswerConsulting/BENCH-180

martintaylor1635 · web-flow · commit cafb426a650a · 2022-11-16T12:30:39.000Z
BENCH-180 SPRING SECURITY CONFIG REFACTOR
diff --git a/src/main/java/com/answerdigital/answerking/config/SecurityConfig.java b/src/main/java/com/answerdigital/answerking/config/SecurityConfig.java
@@ -3,7 +3,6 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -12,11 +11,28 @@
 
 @EnableWebSecurity
 public class SecurityConfig {
+    private static final String[] PERMITTED_PATTERNS = {
+        "/api/swagger/**",
+        "/api/swagger-ui/**",
+        "/api/swagger-ui.html",
+        "/api/swagger-ui-custom.html",
+        "/webjars/**",
+        "/api/swagger-resources/**",
+        "/api/configuration/**",
+        "/api/api-docs/**"
+    };
+
+    private static final String COMMON_ROLE = "ROLE_USER";
+
+    private static final String COMMON_PASSWORD = "{noop}secret";
+
     @Bean
     public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
         http
             .csrf().disable()
-            .authorizeRequests().anyRequest().authenticated()
+            .authorizeRequests()
+            .antMatchers(PERMITTED_PATTERNS).permitAll()
+            .anyRequest().authenticated()
             .and()
             .httpBasic()
             .and()
@@ -29,35 +45,25 @@ public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws E
     @Bean
     public InMemoryUserDetailsManager userDetailsManager() {
         final UserDetails paul = User.withUsername("paul")
-                .password("{noop}secret")
-                .authorities("ROLE_USER")
+                .password(COMMON_PASSWORD)
+                .authorities(COMMON_ROLE)
                 .build();
 
         final UserDetails john = User.withUsername("john")
-                .password("{noop}secret")
-                .authorities("ROLE_USER")
+                .password(COMMON_PASSWORD)
+                .authorities(COMMON_ROLE)
                 .build();
 
         final UserDetails ringo = User.withUsername("ringo")
-                .password("{noop}secret")
-                .authorities("ROLE_USER")
+                .password(COMMON_PASSWORD)
+                .authorities(COMMON_ROLE)
                 .build();
 
         final UserDetails george = User.withUsername("george")
-                .password("{noop}secret")
-                .authorities("ROLE_USER")
+                .password(COMMON_PASSWORD)
+                .authorities(COMMON_ROLE)
                 .build();
 
         return new InMemoryUserDetailsManager(paul, john, ringo, george);
     }
-
-    @Bean
-    public WebSecurityCustomizer webSecurityCustomizer() {
-        return web -> web
-                        .ignoring()
-                        .antMatchers("/")
-                        .antMatchers("/api/swagger/**”,”/api/swagger-ui/**”,”/api/swagger-ui.html”," +
-                                "/api/swagger-ui-custom.html", "/webjars/**", "/api/swagger-resources/**",
-                                "/api/configuration/**”, ”/api/api-docs/**");
-    }
 }
