diff --git a/pom.xml b/pom.xml
index f59034e..bc9f0a2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,25 +12,23 @@
UTF-8
UTF-8
- 1.8
+ 17
murraco.JwtAuthServiceApp
org.springframework.boot
spring-boot-starter-parent
- 2.5.4
+ 3.4.4
-
org.springframework.boot
spring-boot-starter-web
-
org.springframework.boot
spring-boot-starter-data-jpa
@@ -40,32 +38,30 @@
spring-boot-starter-validation
-
org.springframework.boot
spring-boot-starter-security
-
org.springframework.security
spring-security-test
test
-
org.springframework.boot
spring-boot-devtools
true
+
-
- mysql
- mysql-connector-java
+ com.mysql
+ mysql-connector-j
+ 8.2.0
+
+
+ com.h2database
+ h2
+ runtime
-
- com.h2database
- h2
- runtime
-
org.projectlombok
@@ -74,29 +70,30 @@
provided
-
- io.springfox
- springfox-swagger2
- 2.9.2
-
-
-
- io.springfox
- springfox-swagger-ui
- 2.10.0
+ org.springdoc
+ springdoc-openapi-starter-webmvc-ui
+ 2.8.6
-
io.jsonwebtoken
jjwt
0.9.1
-
org.modelmapper
modelmapper
2.4.4
+
+ javax.xml.bind
+ jaxb-api
+ 2.3.1
+
+
+ org.glassfish.jaxb
+ jaxb-runtime
+ 2.3.3
+
@@ -108,4 +105,4 @@
-
+
\ No newline at end of file
diff --git a/src/main/java/murraco/JwtAuthServiceApp.java b/src/main/java/murraco/JwtAuthServiceApp.java
index d2414d2..b5f65f7 100644
--- a/src/main/java/murraco/JwtAuthServiceApp.java
+++ b/src/main/java/murraco/JwtAuthServiceApp.java
@@ -1,18 +1,17 @@
package murraco;
-import java.util.ArrayList;
-import java.util.Arrays;
-
import lombok.RequiredArgsConstructor;
import murraco.model.AppUser;
import murraco.model.AppUserRole;
+import murraco.service.UserService;
import org.modelmapper.ModelMapper;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
-import murraco.service.UserService;
+import java.util.ArrayList;
+import java.util.List;
@SpringBootApplication
@RequiredArgsConstructor
@@ -30,12 +29,12 @@ public ModelMapper modelMapper() {
}
@Override
- public void run(String... params) throws Exception {
+ public void run(String... params) {
AppUser admin = new AppUser();
admin.setUsername("admin");
admin.setPassword("admin");
admin.setEmail("admin@email.com");
- admin.setAppUserRoles(new ArrayList(Arrays.asList(AppUserRole.ROLE_ADMIN)));
+ admin.setAppUserRoles(new ArrayList<>(List.of(AppUserRole.ROLE_ADMIN)));
userService.signup(admin);
@@ -43,7 +42,7 @@ public void run(String... params) throws Exception {
client.setUsername("client");
client.setPassword("client");
client.setEmail("client@email.com");
- client.setAppUserRoles(new ArrayList(Arrays.asList(AppUserRole.ROLE_CLIENT)));
+ client.setAppUserRoles(new ArrayList<>(List.of(AppUserRole.ROLE_CLIENT)));
userService.signup(client);
}
diff --git a/src/main/java/murraco/configuration/SwaggerConfig.java b/src/main/java/murraco/configuration/SwaggerConfig.java
deleted file mode 100644
index 16e753a..0000000
--- a/src/main/java/murraco/configuration/SwaggerConfig.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package murraco.configuration;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-import java.util.Optional;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-import com.google.common.base.Predicates;
-
-import springfox.documentation.builders.ApiInfoBuilder;
-import springfox.documentation.builders.PathSelectors;
-import springfox.documentation.builders.RequestHandlerSelectors;
-import springfox.documentation.service.ApiInfo;
-import springfox.documentation.service.ApiKey;
-import springfox.documentation.service.AuthorizationScope;
-import springfox.documentation.service.Contact;
-import springfox.documentation.service.SecurityReference;
-import springfox.documentation.service.Tag;
-import springfox.documentation.spi.DocumentationType;
-import springfox.documentation.spi.service.contexts.SecurityContext;
-import springfox.documentation.spring.web.plugins.Docket;
-import springfox.documentation.swagger2.annotations.EnableSwagger2;
-
-@Configuration
-@EnableSwagger2
-public class SwaggerConfig {
-
- @Bean
- public Docket api() {
- return new Docket(DocumentationType.SWAGGER_2)//
- .select()//
- .apis(RequestHandlerSelectors.any())//
- .paths(Predicates.not(PathSelectors.regex("/error")))//
- .build()//
- .apiInfo(metadata())//
- .useDefaultResponseMessages(false)//
- .securitySchemes(Collections.singletonList(apiKey()))
- .securityContexts(Collections.singletonList(securityContext()))
- .tags(new Tag("users", "Operations about users"))//
- .genericModelSubstitutes(Optional.class);
-
- }
-
- private ApiInfo metadata() {
- return new ApiInfoBuilder()//
- .title("JSON Web Token Authentication API")//
- .description("This is a sample JWT authentication service. You can find out more about JWT at [https://jwt.io/](https://jwt.io/). For this sample, you can use the `admin` or `client` users (password: admin and client respectively) to test the authorization filters. Once you have successfully logged in and obtained the token, you should click on the right top button `Authorize` and introduce it with the prefix \"Bearer \".")//
- .version("1.0.0")//
- .license("MIT License").licenseUrl("http://opensource.org/licenses/MIT")//
- .contact(new Contact(null, null, "mauriurraco@gmail.com"))//
- .build();
- }
-
- private ApiKey apiKey() {
- return new ApiKey("Authorization", "Authorization", "header");
- }
-
- private SecurityContext securityContext() {
- return SecurityContext.builder()
- .securityReferences(defaultAuth())
- .forPaths(PathSelectors.any())
- .build();
- }
-
- private List defaultAuth() {
- AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
- AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
- authorizationScopes[0] = authorizationScope;
- return Arrays.asList(new SecurityReference("Authorization", authorizationScopes));
- }
-
-}
diff --git a/src/main/java/murraco/controller/UserController.java b/src/main/java/murraco/controller/UserController.java
index e4f60b4..879a094 100644
--- a/src/main/java/murraco/controller/UserController.java
+++ b/src/main/java/murraco/controller/UserController.java
@@ -1,6 +1,12 @@
package murraco.controller;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.tags.Tag;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import murraco.model.AppUser;
@@ -15,19 +21,13 @@
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import io.swagger.annotations.ApiParam;
-import io.swagger.annotations.ApiResponse;
-import io.swagger.annotations.ApiResponses;
-import io.swagger.annotations.Authorization;
import murraco.dto.UserDataDTO;
import murraco.dto.UserResponseDTO;
import murraco.service.UserService;
@RestController
@RequestMapping("/users")
-@Api(tags = "users")
+@Tag(name = "users")
@RequiredArgsConstructor
public class UserController {
@@ -35,58 +35,61 @@ public class UserController {
private final ModelMapper modelMapper;
@PostMapping("/signin")
- @ApiOperation(value = "${UserController.signin}")
- @ApiResponses(value = {//
- @ApiResponse(code = 400, message = "Something went wrong"), //
- @ApiResponse(code = 422, message = "Invalid username/password supplied")})
- public String login(//
- @ApiParam("Username") @RequestParam String username, //
- @ApiParam("Password") @RequestParam String password) {
+ @Operation(summary = "${UserController.signin}")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "400", description = "Something went wrong"),
+ @ApiResponse(responseCode = "422", description = "Invalid username/password supplied")
+ })
+ public String login(
+ @Parameter(description = "Username") @RequestParam String username,
+ @Parameter(description = "Password") @RequestParam String password) {
return userService.signin(username, password);
}
@PostMapping("/signup")
- @ApiOperation(value = "${UserController.signup}")
- @ApiResponses(value = {//
- @ApiResponse(code = 400, message = "Something went wrong"), //
- @ApiResponse(code = 403, message = "Access denied"), //
- @ApiResponse(code = 422, message = "Username is already in use")})
- public String signup(@ApiParam("Signup User") @RequestBody UserDataDTO user) {
+ @Operation(summary = "${UserController.signup}")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "400", description = "Something went wrong"),
+ @ApiResponse(responseCode = "403", description = "Access denied"),
+ @ApiResponse(responseCode = "422", description = "Username is already in use")
+ })
+ public String signup(@Parameter(description = "Signup User") @RequestBody UserDataDTO user) {
return userService.signup(modelMapper.map(user, AppUser.class));
}
@DeleteMapping(value = "/{username}")
@PreAuthorize("hasRole('ROLE_ADMIN')")
- @ApiOperation(value = "${UserController.delete}", authorizations = { @Authorization(value="apiKey") })
- @ApiResponses(value = {//
- @ApiResponse(code = 400, message = "Something went wrong"), //
- @ApiResponse(code = 403, message = "Access denied"), //
- @ApiResponse(code = 404, message = "The user doesn't exist"), //
- @ApiResponse(code = 500, message = "Expired or invalid JWT token")})
- public String delete(@ApiParam("Username") @PathVariable String username) {
+ @Operation(summary = "${UserController.delete}", security = @SecurityRequirement(name = "apiKey"))
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "400", description = "Something went wrong"),
+ @ApiResponse(responseCode = "403", description = "Access denied"),
+ @ApiResponse(responseCode = "404", description = "The user doesn't exist"),
+ @ApiResponse(responseCode = "500", description = "Expired or invalid JWT token")
+ })
+ public String delete(@Parameter(description = "Username") @PathVariable String username) {
userService.delete(username);
return username;
}
@GetMapping(value = "/{username}")
@PreAuthorize("hasRole('ROLE_ADMIN')")
- @ApiOperation(value = "${UserController.search}", response = UserResponseDTO.class, authorizations = { @Authorization(value="apiKey") })
- @ApiResponses(value = {//
- @ApiResponse(code = 400, message = "Something went wrong"), //
- @ApiResponse(code = 403, message = "Access denied"), //
- @ApiResponse(code = 404, message = "The user doesn't exist"), //
- @ApiResponse(code = 500, message = "Expired or invalid JWT token")})
- public UserResponseDTO search(@ApiParam("Username") @PathVariable String username) {
+ @Operation(summary = "${UserController.search}", responses = {
+ @ApiResponse(responseCode = "400", description = "Something went wrong"),
+ @ApiResponse(responseCode = "403", description = "Access denied"),
+ @ApiResponse(responseCode = "404", description = "The user doesn't exist"),
+ @ApiResponse(responseCode = "500", description = "Expired or invalid JWT token")
+ }, security = @SecurityRequirement(name = "apiKey"))
+ public UserResponseDTO search(@Parameter(description = "Username") @PathVariable String username) {
return modelMapper.map(userService.search(username), UserResponseDTO.class);
}
@GetMapping(value = "/me")
@PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_CLIENT')")
- @ApiOperation(value = "${UserController.me}", response = UserResponseDTO.class, authorizations = { @Authorization(value="apiKey") })
- @ApiResponses(value = {//
- @ApiResponse(code = 400, message = "Something went wrong"), //
- @ApiResponse(code = 403, message = "Access denied"), //
- @ApiResponse(code = 500, message = "Expired or invalid JWT token")})
+ @Operation(summary = "${UserController.me}", responses = {
+ @ApiResponse(responseCode = "400", description = "Something went wrong"),
+ @ApiResponse(responseCode = "403", description = "Access denied"),
+ @ApiResponse(responseCode = "500", description = "Expired or invalid JWT token")
+ }, security = @SecurityRequirement(name = "apiKey"))
public UserResponseDTO whoami(HttpServletRequest req) {
return modelMapper.map(userService.whoami(req), UserResponseDTO.class);
}
diff --git a/src/main/java/murraco/dto/UserDataDTO.java b/src/main/java/murraco/dto/UserDataDTO.java
index e7b94f1..5680e03 100644
--- a/src/main/java/murraco/dto/UserDataDTO.java
+++ b/src/main/java/murraco/dto/UserDataDTO.java
@@ -2,7 +2,7 @@
import java.util.List;
-import io.swagger.annotations.ApiModelProperty;
+import io.swagger.v3.oas.annotations.media.Schema;
import lombok.Data;
import lombok.NoArgsConstructor;
import murraco.model.AppUserRole;
@@ -10,14 +10,14 @@
@Data
@NoArgsConstructor
public class UserDataDTO {
-
- @ApiModelProperty(position = 0)
+
+ @Schema(description = "Username")
private String username;
- @ApiModelProperty(position = 1)
+ @Schema(description = "Email")
private String email;
- @ApiModelProperty(position = 2)
+ @Schema(description = "Password")
private String password;
- @ApiModelProperty(position = 3)
+ @Schema(description = "User roles")
List appUserRoles;
}
diff --git a/src/main/java/murraco/dto/UserResponseDTO.java b/src/main/java/murraco/dto/UserResponseDTO.java
index d6e71b1..bc254a7 100644
--- a/src/main/java/murraco/dto/UserResponseDTO.java
+++ b/src/main/java/murraco/dto/UserResponseDTO.java
@@ -2,20 +2,20 @@
import java.util.List;
-import io.swagger.annotations.ApiModelProperty;
+import io.swagger.v3.oas.annotations.media.Schema;
import lombok.Data;
import murraco.model.AppUserRole;
@Data
public class UserResponseDTO {
- @ApiModelProperty(position = 0)
+ @Schema(description = "user id")
private Integer id;
- @ApiModelProperty(position = 1)
+ @Schema(description = "user name")
private String username;
- @ApiModelProperty(position = 2)
+ @Schema(description = "user email")
private String email;
- @ApiModelProperty(position = 3)
+ @Schema(description = "user roles")
List appUserRoles;
}
diff --git a/src/main/java/murraco/exception/CustomException.java b/src/main/java/murraco/exception/CustomException.java
index fb70182..6001e26 100644
--- a/src/main/java/murraco/exception/CustomException.java
+++ b/src/main/java/murraco/exception/CustomException.java
@@ -1,12 +1,17 @@
package murraco.exception;
+import lombok.Getter;
import org.springframework.http.HttpStatus;
+import java.io.Serial;
+
public class CustomException extends RuntimeException {
+ @Serial
private static final long serialVersionUID = 1L;
private final String message;
+ @Getter
private final HttpStatus httpStatus;
public CustomException(String message, HttpStatus httpStatus) {
@@ -19,8 +24,4 @@ public String getMessage() {
return message;
}
- public HttpStatus getHttpStatus() {
- return httpStatus;
- }
-
}
diff --git a/src/main/java/murraco/exception/GlobalExceptionHandlerController.java b/src/main/java/murraco/exception/GlobalExceptionHandlerController.java
index b0d6fd1..987fd7a 100644
--- a/src/main/java/murraco/exception/GlobalExceptionHandlerController.java
+++ b/src/main/java/murraco/exception/GlobalExceptionHandlerController.java
@@ -3,7 +3,7 @@
import java.io.IOException;
import java.util.Map;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
import org.springframework.boot.web.error.ErrorAttributeOptions;
import org.springframework.boot.web.servlet.error.DefaultErrorAttributes;
diff --git a/src/main/java/murraco/model/AppUser.java b/src/main/java/murraco/model/AppUser.java
index 2fa7b73..6a96b68 100644
--- a/src/main/java/murraco/model/AppUser.java
+++ b/src/main/java/murraco/model/AppUser.java
@@ -5,14 +5,14 @@
import java.util.List;
-import javax.persistence.Column;
-import javax.persistence.ElementCollection;
-import javax.persistence.Entity;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.validation.constraints.Size;
+import jakarta.persistence.Column;
+import jakarta.persistence.ElementCollection;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.validation.constraints.Size;
@Entity
@Data // Create getters and setters
diff --git a/src/main/java/murraco/repository/UserRepository.java b/src/main/java/murraco/repository/UserRepository.java
index f1ead55..33b8c85 100644
--- a/src/main/java/murraco/repository/UserRepository.java
+++ b/src/main/java/murraco/repository/UserRepository.java
@@ -1,6 +1,6 @@
package murraco.repository;
-import javax.transaction.Transactional;
+import org.springframework.transaction.annotation.Transactional;
import org.springframework.data.jpa.repository.JpaRepository;
diff --git a/src/main/java/murraco/security/JwtTokenFilter.java b/src/main/java/murraco/security/JwtTokenFilter.java
index 47728c0..3bab59c 100644
--- a/src/main/java/murraco/security/JwtTokenFilter.java
+++ b/src/main/java/murraco/security/JwtTokenFilter.java
@@ -1,32 +1,29 @@
package murraco.security;
-import java.io.IOException;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import murraco.exception.CustomException;
+import org.springframework.lang.NonNull;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.filter.GenericFilterBean;
-
-import murraco.exception.CustomException;
import org.springframework.web.filter.OncePerRequestFilter;
-// We should use OncePerRequestFilter since we are doing a database call, there is no point in doing this more than once
+import java.io.IOException;
+
public class JwtTokenFilter extends OncePerRequestFilter {
- private JwtTokenProvider jwtTokenProvider;
+ private final JwtTokenProvider jwtTokenProvider;
public JwtTokenFilter(JwtTokenProvider jwtTokenProvider) {
this.jwtTokenProvider = jwtTokenProvider;
}
@Override
- protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
+ protected void doFilterInternal(@NonNull HttpServletRequest httpServletRequest,
+ @NonNull HttpServletResponse httpServletResponse,
+ @NonNull FilterChain filterChain) throws ServletException, IOException {
String token = jwtTokenProvider.resolveToken(httpServletRequest);
try {
if (token != null && jwtTokenProvider.validateToken(token)) {
diff --git a/src/main/java/murraco/security/JwtTokenFilterConfigurer.java b/src/main/java/murraco/security/JwtTokenFilterConfigurer.java
index a3c5f2f..49750c3 100644
--- a/src/main/java/murraco/security/JwtTokenFilterConfigurer.java
+++ b/src/main/java/murraco/security/JwtTokenFilterConfigurer.java
@@ -7,7 +7,7 @@
public class JwtTokenFilterConfigurer extends SecurityConfigurerAdapter {
- private JwtTokenProvider jwtTokenProvider;
+ private final JwtTokenProvider jwtTokenProvider;
public JwtTokenFilterConfigurer(JwtTokenProvider jwtTokenProvider) {
this.jwtTokenProvider = jwtTokenProvider;
diff --git a/src/main/java/murraco/security/JwtTokenProvider.java b/src/main/java/murraco/security/JwtTokenProvider.java
index 7b6970c..e56bcc3 100644
--- a/src/main/java/murraco/security/JwtTokenProvider.java
+++ b/src/main/java/murraco/security/JwtTokenProvider.java
@@ -6,8 +6,8 @@
import java.util.Objects;
import java.util.stream.Collectors;
-import javax.annotation.PostConstruct;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.annotation.PostConstruct;
+import jakarta.servlet.http.HttpServletRequest;
import murraco.model.AppUserRole;
import org.springframework.beans.factory.annotation.Autowired;
diff --git a/src/main/java/murraco/security/WebSecurityConfig.java b/src/main/java/murraco/security/WebSecurityConfig.java
index b971811..cb8372e 100644
--- a/src/main/java/murraco/security/WebSecurityConfig.java
+++ b/src/main/java/murraco/security/WebSecurityConfig.java
@@ -1,79 +1,57 @@
package murraco.security;
import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true)
+@EnableMethodSecurity
@RequiredArgsConstructor
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
-
- private final JwtTokenProvider jwtTokenProvider;
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
-
- // Disable CSRF (cross site request forgery)
- http.csrf().disable();
-
- // No session will be created or used by spring security
- http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-
- // Entry points
- http.authorizeRequests()//
- .antMatchers("/users/signin").permitAll()//
- .antMatchers("/users/signup").permitAll()//
- .antMatchers("/h2-console/**/**").permitAll()
- // Disallow everything else..
- .anyRequest().authenticated();
-
- // If a user try to access a resource without having enough permissions
- http.exceptionHandling().accessDeniedPage("/login");
-
- // Apply JWT
- http.apply(new JwtTokenFilterConfigurer(jwtTokenProvider));
-
- // Optional, if you want to test the API from a browser
- // http.httpBasic();
- }
-
- @Override
- public void configure(WebSecurity web) throws Exception {
- // Allow swagger to be accessed without authentication
- web.ignoring().antMatchers("/v2/api-docs")//
- .antMatchers("/swagger-resources/**")//
- .antMatchers("/swagger-ui.html")//
- .antMatchers("/configuration/**")//
- .antMatchers("/webjars/**")//
- .antMatchers("/public")
-
- // Un-secure H2 Database (for testing purposes, H2 console shouldn't be unprotected in production)
- .and()
- .ignoring()
- .antMatchers("/h2-console/**/**");;
- }
-
- @Bean
- public PasswordEncoder passwordEncoder() {
- return new BCryptPasswordEncoder(12);
- }
-
- @Override
- @Bean
- public AuthenticationManager authenticationManagerBean() throws Exception {
- return super.authenticationManagerBean();
- }
+public class WebSecurityConfig {
+
+ private final JwtTokenProvider jwtTokenProvider;
+
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http.csrf(AbstractHttpConfigurer::disable)
+ .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .authorizeHttpRequests(authz -> authz
+ .requestMatchers(
+ "/users/signin",
+ "/users/signup",
+ "/h2-console/**",
+ "/v3/api-docs/**",
+ "/swagger-ui/**",
+ "/swagger-resources/**",
+ "/configuration/**",
+ "/webjars/**"
+ ).permitAll()
+ .anyRequest().authenticated()
+ )
+ .exceptionHandling(exception -> exception.accessDeniedPage("/login"))
+ .apply(new JwtTokenFilterConfigurer(jwtTokenProvider));
+ return http.build();
+ }
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder(12);
+ }
+
+ @Bean
+ public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
+ return authenticationConfiguration.getAuthenticationManager();
+ }
}
diff --git a/src/main/java/murraco/service/UserService.java b/src/main/java/murraco/service/UserService.java
index e5c239f..83efa7a 100644
--- a/src/main/java/murraco/service/UserService.java
+++ b/src/main/java/murraco/service/UserService.java
@@ -1,6 +1,6 @@
package murraco.service;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import org.springframework.http.HttpStatus;