Spring security config
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UsersDetailsService usersDetailsService;
@Autowired
private JwtFilter jwtFilter;
public SecurityConfig(UsersDetailsService usersDetailsService) {
this.usersDetailsService = usersDetailsService;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(daoAuthenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().cors().and().authorizeRequests()
.antMatchers("/api/authenticate").anonymous()
.antMatchers("/api/generateTPAC").anonymous()
.antMatchers("/api/register").anonymous()
.antMatchers("/api/generate2FAcode").anonymous()
.antMatchers("/api/verify-email**").anonymous()
.antMatchers("/api/retrieveUserInfo").permitAll()
.antMatchers("/api/validateToken").permitAll()
.antMatchers("/api/update**").permitAll()
.antMatchers("/api/uploadImage").permitAll()
.antMatchers("/api/image").permitAll()
.anyRequest().authenticated()
.and()
.exceptionHandling()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
}
@Bean
DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(usersDetailsService);
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return daoAuthenticationProvider;
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
Hello i have trouble setting antMatchers authorization.. It is not working as it should. Only what works is permitAll and denyAll, anonymous,hasRole,authenticated are not working.. I tried use .access(hasRole()) but this aint working at all tho..