package com.project.whatsappchatbot.security; import com.project.whatsappchatbot.security.jwt.AuthEntryPointJwt; import com.project.whatsappchatbot.security.jwt.AuthTokenFilter; import com.project.whatsappchatbot.security.services.UserDetailsServiceImpl; import java.util.List; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.web.client.RestTemplate; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity( prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired UserDetailsServiceImpl userDetailsService; @Autowired private AuthEntryPointJwt unauthorizedHandler; @Bean public AuthTokenFilter authenticationJwtTokenFilter() { return new AuthTokenFilter(); } @Override public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception { authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); } @Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } @Bean public RestTemplate restTemplate() { return new RestTemplate(); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Override protected void configure(HttpSecurity http) throws Exception { http.cors().and().csrf().disable() .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests() // .antMatchers("/**").permitAll() .antMatchers("/**").permitAll() .antMatchers("/login/**").permitAll() .antMatchers("/dashboard/**").permitAll() .antMatchers("/api/dashboard/**").permitAll() .antMatchers("/api/login/**").permitAll() .antMatchers("/api/signin/**").permitAll() .antMatchers("/api/signup/**").permitAll() .antMatchers("/api/otp/send-otp/**").permitAll() .antMatchers("/dashboard/**").authenticated() // .antMatchers("/api/ecommerce/**").permitAll() // .antMatchers("/api/products/**").permitAll() // .antMatchers("/invoices/**").permitAll() // .antMatchers("/api/products/search/**").permitAll() // .antMatchers("/api/product-category/**").permitAll() .anyRequest().authenticated() .and() .headers().frameOptions().sameOrigin(); http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class); } }