add basic spring security config (allow most of the endpoints, and setup in memory user and admin!)

Csaba79-coder · Csaba79-coder · commit 255f8f51123a · 2023-05-30T16:54:04.000+02:00
diff --git a/pom.xml b/pom.xml
@@ -22,10 +22,10 @@
             <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
 
-        <!--<dependency>
+        <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
-        </dependency>-->
+        </dependency>
 
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -104,6 +104,10 @@
             <version>4.8.1</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
 
         <!--<dependency>
             <groupId>org.springframework.security</groupId>
diff --git a/src/main/java/com/csaba79coder/littersnap/config/SecurityConfiguration.java b/src/main/java/com/csaba79coder/littersnap/config/SecurityConfiguration.java
@@ -0,0 +1,72 @@
+package com.csaba79coder.littersnap.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfiguration {
+
+    @Bean
+    public PasswordEncoder encoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                .authorizeRequests()
+                .anyRequest().permitAll()  // Allow access to all endpoints
+                .and()
+                .formLogin()
+                .loginPage("/login")
+                .permitAll()
+                .and()
+                .logout()
+                .permitAll()
+                .and()
+                .csrf().disable();  // Disable CSRF protection
+        return http.build();
+
+        /*
+        this disables all authentication and authorization for the moment!
+        http
+            .authorizeRequests()
+                .anyRequest().permitAll()  // Allow access to all endpoints
+            .and()
+                .formLogin()
+                    .disable()  // Disable form-based login
+            .and()
+                .logout()
+                    .disable()  // Disable logout functionality
+            .and()
+                .csrf()
+                    .disable();  // Disable CSRF protection
+    return http.build();
+         */
+    }
+
+    @Bean
+    public UserDetailsService users() {
+        UserDetails user = User.builder()
+                .username("user")
+                .password("{bcrypt}$2a$10$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW") // password
+                .roles("USER_ROLE")
+                .build();
+        UserDetails admin = User.builder()
+                .username("admin")
+                .password("{bcrypt}$2a$10$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW") // password
+                .roles("ADMIN_ROLE")
+                .build();
+        return new InMemoryUserDetailsManager(user, admin);
+    }
+}
