Added sample security. Though this breaks the app.

2024-04-01 18:58:20 +02:00
parent 9a84967804
commit 4e43df8075
3 changed files with 51 additions and 0 deletions
--- a/build.gradle
+++ b/build.gradle
@ -36,6 +36,11 @@ dependencies {
 	implementation 'com.rethinkdb:rethinkdb-driver:2.4.4'
 	// https://mvnrepository.com/artifact/com.google.code.gson/gson
 	implementation group: 'com.google.code.gson', name: 'gson', version: '2.10.1'
+	// https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security
+	implementation group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: '3.2.4'
+	// https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-api
+	implementation group: 'io.jsonwebtoken', name: 'jjwt-api', version: '0.12.5'
+
 }

 bootJar {
--- a/src/main/java/de/w665/sharepulse/config/CustomAuthenticationFilter.java
+++ b/src/main/java/de/w665/sharepulse/config/CustomAuthenticationFilter.java
@ -0,0 +1,17 @@
+package de.w665.sharepulse.config;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import org.springframework.web.filter.GenericFilterBean;
+
+import java.io.IOException;
+
+public class CustomAuthenticationFilter extends GenericFilterBean {
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        // Custom logic here
+        filterChain.doFilter(servletRequest, servletResponse);
+    }
+}
--- a/src/main/java/de/w665/sharepulse/config/SecurityConfig.java
+++ b/src/main/java/de/w665/sharepulse/config/SecurityConfig.java
@ -0,0 +1,29 @@
+package de.w665.sharepulse.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                .authorizeHttpRequests(authorize -> authorize
+                        .requestMatchers("/admin/**").authenticated()
+                        .anyRequest().permitAll()
+                )
+                .formLogin(formLogin -> formLogin
+                        .loginPage("/login")
+                        .permitAll()
+                )
+                .logout(LogoutConfigurer::permitAll)
+                .rememberMe(Customizer.withDefaults());
+        return http.build();
+    }
+}