summaryrefslogtreecommitdiffhomepage
path: root/src/main/java/com/blog/web/security/SecurityConfig.java
diff options
context:
space:
mode:
authorrealtradam <[email protected]>2024-07-13 04:02:13 -0400
committerrealtradam <[email protected]>2024-07-13 04:02:13 -0400
commitf0a93e706ac4188d5d754dafc17d389275d5993c (patch)
treeab7dd67c9eb399100ffd8ea424766ae5d269b55f /src/main/java/com/blog/web/security/SecurityConfig.java
parentff63bacc647a20c59ce642a4d6b647c3a4290418 (diff)
downloadspring-blog-f0a93e706ac4188d5d754dafc17d389275d5993c.tar.gz
spring-blog-f0a93e706ac4188d5d754dafc17d389275d5993c.zip
everything broke
Diffstat (limited to 'src/main/java/com/blog/web/security/SecurityConfig.java')
-rw-r--r--src/main/java/com/blog/web/security/SecurityConfig.java18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/main/java/com/blog/web/security/SecurityConfig.java b/src/main/java/com/blog/web/security/SecurityConfig.java
index 1471d0f..99da308 100644
--- a/src/main/java/com/blog/web/security/SecurityConfig.java
+++ b/src/main/java/com/blog/web/security/SecurityConfig.java
@@ -2,9 +2,12 @@ package com.blog.web.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -12,6 +15,17 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true)
public class SecurityConfig {
+ private CustomUserDetailsService userDetailsService;
+
+ public SecurityConfig(CustomUserDetailsService userDetailsService) {
+ this.userDetailsService = userDetailsService;
+ }
+
+ @Bean
+ public static PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// disabling csrf leaves us vulnerable, in a real production app do not do this
@@ -35,4 +49,8 @@ public class SecurityConfig {
.logoutSuccessUrl("/articles"));
return http.build();
}
+
+ public void configure(AuthenticationManagerBuilder builder) throws Exception {
+ builder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
+ }
}
generated by cgit v1.2.3 (git 2.39.1) at 2026-04-17 16:29:39 +0000