Marcel Raddatz
93ce1eaeac
- Add comment to SecurityConfig explaining why CSRF is disabled - Add SecurityContextHolder.clearContext() to logout for clean thread state - Add Javadoc on authenticateInSession() explaining manual session setup Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
42 lines
1.8 KiB
Java
42 lines
1.8 KiB
Java
package com.recipeapp.auth;
|
|
|
|
import org.springframework.context.annotation.Bean;
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.http.HttpMethod;
|
|
import org.springframework.http.HttpStatus;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
|
import org.springframework.security.web.SecurityFilterChain;
|
|
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
|
|
|
|
@Configuration
|
|
@EnableWebSecurity
|
|
public class SecurityConfig {
|
|
|
|
@Bean
|
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|
http
|
|
// CSRF is disabled: SvelteKit is the only client and submits form actions
|
|
// server-side, so the browser never calls the backend directly.
|
|
.csrf(csrf -> csrf.disable())
|
|
.authorizeHttpRequests(auth -> auth
|
|
.requestMatchers("/v1/auth/signup", "/v1/auth/login").permitAll()
|
|
.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
|
|
.requestMatchers("/v1/admin/**").hasAuthority("ROLE_ADMIN")
|
|
.anyRequest().authenticated())
|
|
.exceptionHandling(ex -> ex
|
|
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
|
|
.sessionManagement(session -> session
|
|
.maximumSessions(1));
|
|
|
|
return http.build();
|
|
}
|
|
|
|
@Bean
|
|
public PasswordEncoder passwordEncoder() {
|
|
return new BCryptPasswordEncoder();
|
|
}
|
|
}
|