updated security config

2024-10-09 13:22:06 +05:30
parent 7c324eeed0
commit 4a68348a7b
1 changed files with 14 additions and 35 deletions
--- a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
+++ b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
@@ -96,53 +96,32 @@ public class SecurityConfig {
    }
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        // Apply stateless session management globally
-        http.csrf(AbstractHttpConfigurer::disable)
-            .authorizeHttpRequests(auth -> auth
-                // Public endpoints
+        http.csrf(AbstractHttpConfigurer::disable).authorizeHttpRequests(auth -> auth
+                // Allow public access to the login endpoints
                .requestMatchers("/v1/user/login").permitAll() // JWT-based login
                .requestMatchers("/v1/user").permitAll() // User registration
                .requestMatchers("/v1/user/sso/validate/existing-user/{token}").permitAll()
                .requestMatchers("/v1/user/sso/validate/new-user/{token}").permitAll()
+                .requestMatchers("/v1/saml/**").permitAll() // JWT-based login
+                .requestMatchers("/saml2/**").permitAll() // SAML login initiation
                .requestMatchers("/swagger-ui/**").permitAll() // Swagger docs
                .requestMatchers("/v1/api-docs/**").permitAll() // API docs
-
-                // SAML-related endpoints
-                .requestMatchers("/v1/saml/**", "/saml2/**").permitAll()
-
-                // Other authenticated requests
                .anyRequest().authenticated())
-
-            // Globally use stateless session management for most requests
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-
-            // SAML2 login configuration
-            .saml2Login(saml -> saml
-                .defaultSuccessUrl("/")
-                .successHandler(samlSuccessHandler)
+                .addFilterBefore(corsFilter(), UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(new JWTFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class)
+                // Add SAML2 login configuration (for BENEFICIARI)
+                /*
+                 * .saml2Login(saml -> saml.loginPage("/saml/login") // Entry point for SAML
+                 * login .defaultSuccessUrl("/") // Redirect after successful SAML login );
+                 */
+				.saml2Login(saml -> saml.defaultSuccessUrl("/").successHandler(samlSuccessHandler)
 						.failureHandler(samlFailureHandler));

-        return http.build();
-    }
-
-    // Add another SecurityFilterChain for SAML requests with stateful session management
-    @Bean
-    public SecurityFilterChain samlSecurityFilterChain(HttpSecurity http) throws Exception {
-        // Apply stateful session management for SAML-related endpoints
-        http
-            .securityMatcher("/v1/saml/**", "/saml2/**") // Match SAML requests
-            .authorizeHttpRequests(auth -> auth
-                .requestMatchers("/v1/saml/**", "/saml2/**").permitAll()
-                .anyRequest().authenticated())
-
-            // Use stateful session management for SAML requests
-            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED));

        return http.build();
    }

-
-
    @Bean
    public OpenAPI customOpenAPI() {
        return new OpenAPI()