From f0a93e706ac4188d5d754dafc17d389275d5993c Mon Sep 17 00:00:00 2001
From: realtradam <github@tradam.dev>
Date: Sat, 13 Jul 2024 04:02:13 -0400
Subject: everything broke

---
 .../java/com/blog/web/security/SecurityConfig.java     | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'src/main/java/com/blog/web/security/SecurityConfig.java')

diff --git a/src/main/java/com/blog/web/security/SecurityConfig.java b/src/main/java/com/blog/web/security/SecurityConfig.java
index 1471d0f..99da308 100644
--- a/src/main/java/com/blog/web/security/SecurityConfig.java
+++ b/src/main/java/com/blog/web/security/SecurityConfig.java
@@ -2,9 +2,12 @@ package com.blog.web.security;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
@@ -12,6 +15,17 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 @EnableWebSecurity
 @EnableMethodSecurity(securedEnabled = true)
 public class SecurityConfig {
+    private CustomUserDetailsService userDetailsService;
+
+    public SecurityConfig(CustomUserDetailsService userDetailsService) {
+        this.userDetailsService = userDetailsService;
+    }
+
+    @Bean
+    public static PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         // disabling csrf leaves us vulnerable, in a real production app do not do this
@@ -35,4 +49,8 @@ public class SecurityConfig {
                                 .logoutSuccessUrl("/articles"));
         return http.build();
     }
+
+    public void configure(AuthenticationManagerBuilder builder) throws Exception {
+        builder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
+    }
 }
-- 
cgit v1.2.3