package com.cognitiex.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import java.util.Collections;
import java.util.Arrays;
import org.springframework.http.HttpMethod;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import jakarta.servlet.http.HttpServletResponse;
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    /**
     * Builds the application's single security filter chain.
     *
     * <p>Behaviour, in the order the configurers are registered:
     * <ul>
     *   <li>CSRF protection is switched off (the API is stateless, see below).</li>
     *   <li>Only {@code POST /api/auth/register} and {@code POST /api/auth/login} are
     *       reachable anonymously; every other request must be authenticated.</li>
     *   <li>No HTTP session is ever created ({@code STATELESS}).</li>
     *   <li>CORS responses come from {@link #corsConfiguration()}.</li>
     *   <li>Unauthenticated requests receive a plain 401 rather than a login redirect.</li>
     * </ul>
     *
     * <p>NOTE(review): nothing in this chain populates the SecurityContext — no bearer-token
     * or JWT filter is registered here (there is no {@code addFilterBefore} call). Unless such
     * a filter is added elsewhere, every request outside the two permitAll endpoints ends in
     * the 401 entry point below; confirm against the rest of the config package.
     *
     * @param http the builder supplied by Spring Security
     * @return the assembled filter chain
     * @throws Exception propagated from {@link HttpSecurity#build()}
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // Token-based, session-less API: there is no session cookie for CSRF tokens to protect.
        http.csrf(AbstractHttpConfigurer::disable);

        http.authorizeHttpRequests(requests -> {
            // Registration and login are the only anonymous entry points, and only via POST.
            requests.requestMatchers(HttpMethod.POST, "/api/auth/register", "/api/auth/login").permitAll();
            // Everything else requires an authenticated principal.
            requests.anyRequest().authenticated();
        });

        // Never create or reuse an HTTP session; each request must carry its own credentials.
        http.sessionManagement(sessions -> sessions.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        // The same CORS policy applies to every request; the request itself is not inspected.
        http.cors(corsCustomizer -> corsCustomizer.configurationSource(request -> corsConfiguration()));

        // Replace the default redirect-to-login with a bare 401 so API clients get a status code.
        http.exceptionHandling(handling -> handling.authenticationEntryPoint((request, response, authException) -> {
            System.out.println("Unauthenticated request - redirecting to login");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
        }));

        return http.build();
    }

    /**
     * Builds the CORS policy for the frontend.
     *
     * <p>A single explicit origin is allowed together with credentials; the allowed methods
     * and headers are limited to what the API needs. A fresh instance is returned on every
     * call, mirroring the per-request construction of the original inline source.
     *
     * @return a new {@link CorsConfiguration} describing the policy
     */
    private CorsConfiguration corsConfiguration() {
        CorsConfiguration policy = new CorsConfiguration();
        // Explicit origin (not "*") is what makes allowCredentials(true) acceptable to browsers.
        policy.setAllowedOrigins(Collections.singletonList("http://localhost:4200"));
        policy.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        policy.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type"));
        policy.setAllowCredentials(true);
        return policy;
    }
}
Code du contrôleur:
package com.cognitiex.controllers;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.*;
import com.cognitiex.repositories.UserRepository;
import com.cognitiex.config.JwtUtil;
import com.cognitiex.models.User;
import com.cognitiex.models.AuthRequest;
import com.cognitiex.models.AuthResponse;
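@RestController
@RequestMapping("/api/auth")
public class AuthController {
    // Field injection is kept as in the original; the repository, encoder and token helper
    // are all supplied by Spring.
    @Autowired
    private UserRepository userRepository;
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    private JwtUtil jwtUtil;

    /**
     * Registers a new account.
     *
     * <p>The password is stored only as the encoder's hash. Requests without a username or
     * password are rejected with 400, and a username that already exists is rejected with 409
     * so the caller is not told the save succeeded when it did not.
     *
     * <p>NOTE(review): the request body is bound straight onto the {@code User} entity. If
     * {@code User} carries fields a client must not set (an id, roles, an enabled flag, ...),
     * those are writable here; a dedicated registration DTO would close that. The entity is
     * not visible from this file — confirm its fields.
     *
     * @param user the registration payload (username and plaintext password at minimum)
     * @return 200 on success, 400 for a missing username/password, 409 for a taken username
     */
    @PostMapping("/register")
    public ResponseEntity<?> registerUser(@RequestBody User user) {
        // encode(null) throws on the common encoders, which would surface as a 500 instead of
        // a client error; reject incomplete payloads explicitly.
        if (user == null || isBlank(user.getUsername()) || isBlank(user.getPassword())) {
            return ResponseEntity.badRequest().body("Username and password are required");
        }
        // Best-effort duplicate check. A unique constraint on the username column is still
        // needed to close the race between two concurrent registrations.
        if (userRepository.findByUsername(user.getUsername()) != null) {
            return ResponseEntity.status(409).body("Username already taken");
        }
        // Only the hash is persisted; the plaintext never reaches the repository.
        user.setPassword(passwordEncoder.encode(user.getPassword()));
        userRepository.save(user);
        return ResponseEntity.ok("User registered successfully");
    }

    /**
     * Authenticates a user and issues a token.
     *
     * <p>Every failure — missing fields, unknown user, wrong password — returns the same
     * 401 body so the response does not reveal which usernames exist.
     *
     * @param authRequest the login payload (username and plaintext password)
     * @return 200 with an {@link AuthResponse} carrying the token, or 401 with a generic message
     */
    @PostMapping("/login")
    public ResponseEntity<?> loginUser(@RequestBody AuthRequest authRequest) {
        // matches(null, ...) throws on the common encoders; treat an incomplete payload as a
        // failed login rather than letting it become a 500.
        if (authRequest == null || isBlank(authRequest.getUsername()) || isBlank(authRequest.getPassword())) {
            return ResponseEntity.status(401).body("Invalid credentials");
        }
        User user = userRepository.findByUsername(authRequest.getUsername());
        // NOTE(review): when the user is unknown the encoder is never called, so the two
        // failure paths take different time; running the encoder against a fixed dummy hash
        // in that branch would level them. Not done here because the encoder type is not
        // visible from this file.
        boolean passwordOk = user != null
                && passwordEncoder.matches(authRequest.getPassword(), user.getPassword());
        if (!passwordOk) {
            return ResponseEntity.status(401).body("Invalid credentials");
        }
        String token = jwtUtil.generateToken(user.getUsername());
        return ResponseEntity.ok(new AuthResponse(token));
    }

    /** Returns true when {@code value} is null or consists only of whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.isBlank();
    }
}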