package ite.librarymaster.application.configuration;

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;
import static org.springframework.security.converter.RsaKeyConverters.x509;


/**
 * Spring Security configuration: two HTTP filter chains plus the password encoder.
 *
 * <p>{@link #actuatorSecurityFilterChain} is restricted to {@code /actuator/**} and carries
 * {@code @Order(1)}; {@link #securityFilterChain} has no security matcher and no explicit order,
 * so it handles every request the actuator chain does not claim.
 *
 * <p>{@code @EnableMethodSecurity} switches on the {@code @PreAuthorize}/{@code @PostAuthorize}
 * and {@code @Secured} annotations.
 *
 * <p>Both chains authenticate with HTTP Basic. Basic credentials are only Base64-encoded and are
 * sent with every request, so this setup depends on TLS being terminated in front of the
 * application.
 */
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig {

    /**
     * Builds the filter chain for the management endpoints under {@code /actuator/**}.
     *
     * <p>The health endpoint is reachable anonymously; every other request matched by this chain
     * needs an authenticated user (HTTP Basic).
     *
     * @param http the builder supplied by Spring Security
     * @return the filter chain for actuator requests
     * @throws Exception if the chain cannot be built
     */
    @Bean
    @Order(1)
    public SecurityFilterChain actuatorSecurityFilterChain(HttpSecurity http) throws Exception {
        // NOTE(review): the path is hard-coded here, while EndpointRequest follows the configured
        // management base path. If that base path is changed, the endpoints fall through to the
        // default chain below, which permits anything outside /library/**. Confirm they agree.
        http.securityMatcher("/actuator/**");

        // Rule order matters: the health exemption has to be registered before anyRequest().
        http.authorizeHttpRequests(authz -> authz
                .requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll()
                .anyRequest().authenticated());

        http.httpBasic(withDefaults());
        return http.build();
    }

    /**
     * Builds the default filter chain for everything the actuator chain does not match.
     *
     * <p>Only {@code /library/**} requires authentication; all other paths are permitted.
     *
     * @param http the builder supplied by Spring Security
     * @return the default filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
                .authorizeHttpRequests(authz -> {
                    authz.requestMatchers("/library/**").authenticated();
                    // NOTE(review): allow-by-default. Any path added outside /library/** is
                    // public unless it gets its own rule; a deny-by-default fallback would make
                    // a forgotten rule fail closed instead.
                    authz.anyRequest().permitAll();
                })
                // TODO 6: Change Authentication to x509
                // (x509 authentication reads the client certificate from the TLS handshake, so
                // the server connector has to request client certificates for it to work.)
                .httpBasic(withDefaults())
                .build();
    }

    /**
     * Provides the encoder used to hash and verify stored passwords.
     *
     * <p>The delegating encoder hashes new passwords with bcrypt by default and prefixes each
     * hash with an {@code {id}} marker, which lets hashes produced by other algorithms still be
     * verified.
     *
     * @return the delegating password encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        final PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        return delegating;
    }

}
