SecurityConfig_master.java
2.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
package com.sigem.gis.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
private final JwtAuthenticationFilter jwtAuthFilter;
public SecurityConfig(JwtAuthenticationFilter jwtAuthFilter) {
this.jwtAuthFilter = jwtAuthFilter;
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf(csrf -> csrf.disable()) // Deshabilitado para APIs REST (Stateless con JWT)
.cors(cors -> cors.disable()) // Modificable luego para permitir conexiones cruzadas
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(authz -> authz
// Accesos no autenticados permitidos (Puerta de Entrada Prototipo)
.requestMatchers("/api/auth/**").permitAll()
.requestMatchers("/api/admin/**").permitAll()
.requestMatchers("/login_prototipo.html", "/login.html", "/", "/mapas", "/login", "/error").permitAll()
.requestMatchers("/css/**", "/js/**", "/img/**").permitAll()
.requestMatchers("/gwc/**").permitAll()
// Todas las demás llamadas API estarán protegidas mediante JWT
.requestMatchers("/api/**").authenticated()
.anyRequest().permitAll()
)
.httpBasic(basic -> basic.disable())
.formLogin(form -> form.disable())
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}
}