78 lines
3.2 KiB
Java
78 lines
3.2 KiB
Java
package com.astalange.web.config;
|
|
|
|
import com.astalange.core.security.UserDetailsServiceImpl;
|
|
import org.springframework.context.annotation.Bean;
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.security.authentication.AuthenticationProvider;
|
|
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
|
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
|
import org.springframework.security.web.SecurityFilterChain;
|
|
import org.springframework.security.core.session.SessionRegistry;
|
|
import org.springframework.security.core.session.SessionRegistryImpl;
|
|
import org.springframework.security.web.session.HttpSessionEventPublisher;
|
|
|
|
@Configuration
|
|
@EnableWebSecurity
|
|
public class SecurityConfig {
|
|
|
|
private final UserDetailsServiceImpl userDetailsService;
|
|
|
|
public SecurityConfig(UserDetailsServiceImpl userDetailsService) {
|
|
this.userDetailsService = userDetailsService;
|
|
}
|
|
|
|
@Bean
|
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|
http
|
|
.authorizeHttpRequests(auth -> auth
|
|
.requestMatchers("/css/**", "/js/**", "/images/**", "/inscription-public/**").permitAll()
|
|
.requestMatchers("/change-password").authenticated()
|
|
.requestMatchers("/utilisateurs/**", "/saisons/**", "/categories/**", "/equipes/**", "/modespaiement/**", "/equipements/**", "/admin/logs/**").hasRole("ADMIN")
|
|
.requestMatchers("/paiements/**", "/paiement/**").hasAnyRole("ADMIN", "TRESORERIE", "AGENT_SAISIE")
|
|
.requestMatchers("/planning/**").hasAnyRole("ADMIN", "AGENT_SAISIE")
|
|
.requestMatchers("/adherents/**", "/dotations/**").hasAnyRole("ADMIN", "TRESORERIE", "AGENT_SAISIE")
|
|
.anyRequest().authenticated()
|
|
)
|
|
.formLogin(form -> form
|
|
.loginPage("/login")
|
|
.defaultSuccessUrl("/", true)
|
|
.permitAll()
|
|
)
|
|
.logout(logout -> logout
|
|
.logoutSuccessUrl("/login?logout")
|
|
.permitAll()
|
|
)
|
|
.sessionManagement(session -> session
|
|
.maximumSessions(100)
|
|
.sessionRegistry(sessionRegistry())
|
|
);
|
|
return http.build();
|
|
}
|
|
|
|
@Bean
|
|
public PasswordEncoder passwordEncoder() {
|
|
return Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8();
|
|
}
|
|
|
|
@Bean
|
|
public AuthenticationProvider authenticationProvider() {
|
|
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
|
|
authProvider.setUserDetailsService(userDetailsService);
|
|
authProvider.setPasswordEncoder(passwordEncoder());
|
|
return authProvider;
|
|
}
|
|
|
|
@Bean
|
|
public SessionRegistry sessionRegistry() {
|
|
return new SessionRegistryImpl();
|
|
}
|
|
|
|
@Bean
|
|
public HttpSessionEventPublisher httpSessionEventPublisher() {
|
|
return new HttpSessionEventPublisher();
|
|
}
|
|
}
|