-
-
Notifications
You must be signed in to change notification settings - Fork 469
Expand file tree
/
Copy pathSecurityConfiguration.java
More file actions
43 lines (37 loc) · 1.7 KB
/
SecurityConfiguration.java
File metadata and controls
43 lines (37 loc) · 1.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
package io.sentry.samples.spring7;
import org.jetbrains.annotations.NotNull;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
// this API is meant to be consumed by non-browser clients thus the CSRF protection is not needed.
@SuppressWarnings({"lgtm[java/spring-disabled-csrf-protection]", "removal"})
@Bean
public SecurityFilterChain filterChain(final @NotNull HttpSecurity http) throws Exception {
return http.csrf((csrf) -> csrf.disable())
.authorizeHttpRequests((r) -> r.anyRequest().authenticated())
.httpBasic((h) -> {})
.build();
}
@Bean
public @NotNull InMemoryUserDetailsManager userDetailsService() {
final PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
final UserDetails user =
User.builder()
.passwordEncoder(encoder::encode)
.username("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
}