BFLOWS/bflows-bandi-be
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated config

Browse Source
This commit is contained in:
rajesh
2024-10-09 12:56:01 -07:00
parent f5aae53ca1
commit fb71a70caa
1 changed files with 36 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
View File

@@ -96,32 +96,53 @@ public class SecurityConfig {
} }
@Bean @Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.csrf(AbstractHttpConfigurer::disable).authorizeHttpRequests(auth -> auth // Apply stateless session management globally
// Allow public access to the login endpoints http.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth
// Public endpoints
.requestMatchers("/v1/user/login").permitAll() // JWT-based login .requestMatchers("/v1/user/login").permitAll() // JWT-based login
.requestMatchers("/v1/user").permitAll() // User registration .requestMatchers("/v1/user").permitAll() // User registration
.requestMatchers("/v1/user/sso/validate/existing-user/{token}").permitAll() .requestMatchers("/v1/user/sso/validate/existing-user/{token}").permitAll()
.requestMatchers("/v1/user/sso/validate/new-user/{token}").permitAll() .requestMatchers("/v1/user/sso/validate/new-user/{token}").permitAll()
.requestMatchers("/v1/saml/**").permitAll() // JWT-based login
.requestMatchers("/saml2/**").permitAll() // SAML login initiation
.requestMatchers("/swagger-ui/**").permitAll() // Swagger docs .requestMatchers("/swagger-ui/**").permitAll() // Swagger docs
.requestMatchers("/v1/api-docs/**").permitAll() // API docs .requestMatchers("/v1/api-docs/**").permitAll() // API docs
.anyRequest().authenticated())
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.addFilterBefore(corsFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(new JWTFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class)
// Add SAML2 login configuration (for BENEFICIARI)
/*
* .saml2Login(saml -> saml.loginPage("/saml/login") // Entry point for SAML
* login .defaultSuccessUrl("/") // Redirect after successful SAML login );
*/
.saml2Login(saml -> saml.defaultSuccessUrl("/").successHandler(samlSuccessHandler)
.failureHandler(samlFailureHandler));
// SAML-related endpoints
.requestMatchers("/v1/saml/**", "/saml2/**").permitAll()
// Other authenticated requests
.anyRequest().authenticated())
// Globally use stateless session management for most requests
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
// SAML2 login configuration
.saml2Login(saml -> saml
.defaultSuccessUrl("/")
.successHandler(samlSuccessHandler)
.failureHandler(samlFailureHandler));
return http.build(); return http.build();
} }
// Add another SecurityFilterChain for SAML requests with stateful session management
@Bean
public SecurityFilterChain samlSecurityFilterChain(HttpSecurity http) throws Exception {
// Apply stateful session management for SAML-related endpoints
http
.securityMatcher("/v1/saml/**", "/saml2/**") // Match SAML requests
.authorizeHttpRequests(auth -> auth
.requestMatchers("/v1/saml/**", "/saml2/**").permitAll()
.anyRequest().authenticated())
// Use stateful session management for SAML requests
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED));
return http.build();
}
@Bean @Bean
public OpenAPI customOpenAPI() { public OpenAPI customOpenAPI() {
return new OpenAPI() return new OpenAPI()