From ad114076e50fa6c30ee39fb509595ea79fc7c724 Mon Sep 17 00:00:00 2001
From: Welton Carvalho
Date: Tue, 9 Jan 2024 22:38:04 -0300
Subject: [PATCH] create a token validation to incoming request
---
pom.xml | 4 +++
.../apipokemon/security/SecurityConfig.java | 32 +++++++++++++++++++
.../apipokemon/security/SecurityFilter.java | 30 +++++++++++++++++
3 files changed, 66 insertions(+)
create mode 100644 src/main/java/com/wellcoded/apipokemon/security/SecurityConfig.java
create mode 100644 src/main/java/com/wellcoded/apipokemon/security/SecurityFilter.java
diff --git a/pom.xml b/pom.xml
index a5b12de..5e6e3fa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,6 +30,10 @@ org.springframework.boot spring-boot-starter-web + + org.springframework.boot + spring-boot-starter-security + org.projectlombok lombok
diff --git a/src/main/java/com/wellcoded/apipokemon/security/SecurityConfig.java b/src/main/java/com/wellcoded/apipokemon/security/SecurityConfig.java
new file mode 100644
index 0000000..a699f50
--- /dev/null
+++ b/src/main/java/com/wellcoded/apipokemon/security/SecurityConfig.java
@@ -0,0 +1,32 @@
+package com.wellcoded.apipokemon.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+@EnableMethodSecurity
+public class SecurityConfig {
+
+ @Autowired
+ private SecurityFilter securityFilter;
+
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
+ return httpSecurity
+ .csrf(AbstractHttpConfigurer::disable)
+ .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .authorizeHttpRequests(authorize -> authorize
+ .anyRequest().authenticated())
+ .addFilterBefore(securityFilter, UsernamePasswordAuthenticationFilter.class)
+ .build();
+ }
+}
diff --git a/src/main/java/com/wellcoded/apipokemon/security/SecurityFilter.java b/src/main/java/com/wellcoded/apipokemon/security/SecurityFilter.java
new file mode 100644
index 0000000..d80b19a
--- /dev/null
+++ b/src/main/java/com/wellcoded/apipokemon/security/SecurityFilter.java
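Review bot: `securityFilterChain` in SecurityConfig.java requires authentication for every request but configures no authentication entry point, so a request with a missing or wrong credential is most likely answered with Spring Security's default 403 rather than a 401 that tells the client a credential is required. Consider adding `.exceptionHandling(e -> e.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))` before `.build()`. The `.csrf(AbstractHttpConfigurer::disable)` line also deserves a comment such as `// CSRF protection is off because the API is stateless and authenticates via a request header, not cookies`, so that nobody later adds cookie or session authentication without re-enabling it. The `@Autowired` field could be replaced by declaring `SecurityFilter securityFilter` as a second parameter of the `@Bean` method, which keeps the class free of mutable injected state.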
@@ -0,0 +1,30 @@
+package com.wellcoded.apipokemon.security;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.Objects;
+
+@Component
+public class SecurityFilter extends OncePerRequestFilter {
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws ServletException, IOException {
+
+ String header = request.getHeader("auth");
+
+ if(Objects.equals(header, "token")) {
+ UsernamePasswordAuthenticationToken auth =
+ new UsernamePasswordAuthenticationToken(null, null, null);
+ SecurityContextHolder.getContext().setAuthentication(auth);
+ }
+ filterChain.doFilter(request, response);
+ }
+}
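Review bot: The check in `doFilterInternal` compares the `auth` header with the literal `"token"`, so the only credential protecting every endpoint is a fixed string committed to the repository and identical in every environment. Read the expected value from external configuration (for example a constructor-injected `@Value("${<token-property-placeholder>}")`) and, after a null check on the header, compare with `MessageDigest.isEqual(header.getBytes(StandardCharsets.UTF_8), expectedTokenBytes)`, since `Objects.equals` is not a constant-time comparison. The authentication stored on success has a null principal and no authorities, so logs cannot attribute a request to a caller and any role-based rule under `@EnableMethodSecurity` would deny; passing a caller identifier and an authority list would address that. A short Javadoc on the class stating that a request without a valid header proceeds unauthenticated and is then rejected by the chain's `authenticated()` rule would make the control flow explicit.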