Package api.mpba.rastvdmy.config
Class SecurityConfig
java.lang.Object
api.mpba.rastvdmy.config.SecurityConfig
Security configuration class for the application that extends Spring Security's capabilities.
This class defines the security filter chain, authentication provider, and various security settings
for the application.
The configuration includes JWT authentication, CSRF protection disabling, session management, and method-level security.
-
Constructor Summary
ConstructorsConstructorDescriptionSecurityConfig(JwtAuthenticationFilter jwtAuthFilter, UserProfileService userProfileService, org.springframework.security.web.AuthenticationEntryPoint authEntryPoint) Constructor forSecurityConfigthat initializes the security components. -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.security.authentication.AuthenticationManagerauthenticationManager(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration config) Provides the authentication manager for the application.org.springframework.security.authentication.AuthenticationProviderConfigures the authentication provider for the application.org.springframework.security.crypto.password.PasswordEncoderConfigures the password encoder to use for encoding passwords.org.springframework.security.web.SecurityFilterChainsecurityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) Configures the security filter chain for the application.
-
Constructor Details
-
SecurityConfig
public SecurityConfig(JwtAuthenticationFilter jwtAuthFilter, @Lazy UserProfileService userProfileService, @Qualifier("authenticationEntryPointImpl") org.springframework.security.web.AuthenticationEntryPoint authEntryPoint) Constructor forSecurityConfigthat initializes the security components.- Parameters:
jwtAuthFilter- TheJwtAuthenticationFilterfor processing JWT authentication.userProfileService- TheUserProfileServicefor loading user details.authEntryPoint- TheAuthenticationEntryPointto handle authentication exceptions.
-
-
Method Details
-
securityFilterChain
@Bean public org.springframework.security.web.SecurityFilterChain securityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception Configures the security filter chain for the application. This method sets up CSRF protection, XSS protection, session management, request authorization, and exception handling.- Parameters:
http- TheHttpSecurityobject used to configure the security settings.- Returns:
- The configured
SecurityFilterChain. - Throws:
Exception- if an error occurs during the configuration.
-
authenticationProvider
@Bean public org.springframework.security.authentication.AuthenticationProvider authenticationProvider()Configures the authentication provider for the application. This method uses aDaoAuthenticationProviderto authenticate users based on user details provided by theUserProfileServiceand encodes passwords using thePasswordEncoder.- Returns:
- The configured
AuthenticationProvider.
-
authenticationManager
@Bean public org.springframework.security.authentication.AuthenticationManager authenticationManager(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration config) throws Exception Provides the authentication manager for the application. This bean is required for managing authentication operations.- Parameters:
config- TheAuthenticationConfigurationobject used to retrieve the authentication manager.- Returns:
- The configured
AuthenticationManager. - Throws:
Exception- if an error occurs while retrieving the authentication manager.
-
passwordEncoder
@Bean public org.springframework.security.crypto.password.PasswordEncoder passwordEncoder()Configures the password encoder to use for encoding passwords. This method returns aBCryptPasswordEncoderinstance for secure password hashing.- Returns:
- The configured
PasswordEncoder.
-