package es.uv.garcosda.config; import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import es.uv.garcosda.security.CustomAuthenticationFilter; import es.uv.garcosda.security.CustomUserDetailsService; import es.uv.garcosda.services.JwtService; @Configuration @EnableWebSecurity public class WebSecurityConfig{ @Autowired private CustomUserDetailsService userDetailsService; @Autowired private JwtService jwtService; @Bean public static PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Bean public AuthenticationManager authenticationManager(){ DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider(); authProvider.setUserDetailsService(userDetailsService); authProvider.setPasswordEncoder(passwordEncoder()); return new ProviderManager(authProvider); } @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http.csrf().disable() .cors().disable() .sessionManagement().sessionCreationPolicy(STATELESS) .and() .authorizeHttpRequests().anyRequest().permitAll() .and() .addFilter(new CustomAuthenticationFilter(authenticationManager(), jwtService)); return http.build(); } }