package com.jasamedika.medifirst2000.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.jasamedika.medifirst2000.constants.Constants;
import com.jasamedika.medifirst2000.filter.StatelessAuthenticationFilter;
import com.jasamedika.medifirst2000.security.service.TokenAuthenticationService;
import com.jasamedika.medifirst2000.security.service.UserService;

/**
 * Java-based Spring Security configuration; no XML configuration is used for
 * Spring Security here.
 *
 * <p>Every request that is not on the anonymous allow-list must be
 * authenticated. Authentication is performed by a
 * {@link StatelessAuthenticationFilter} placed in front of
 * {@link UsernamePasswordAuthenticationFilter}, using the token header that
 * was previously handed to the client.
 *
 * <p>The adapter is constructed with its default configuration disabled, so
 * only the configurers applied explicitly in
 * {@link #configure(HttpSecurity)} are active; Spring Security defaults such
 * as CSRF protection and session management are not added by this class.
 *
 * @author Roberto
 */
@Configuration
@EnableWebSecurity
@Order(2)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Ant patterns that are reachable without authentication, in the order in
     * which they are registered. Anything not listed here falls through to the
     * final {@code anyRequest().authenticated()} rule.
     */
    private static final String[] ANONYMOUS_PATTERNS = {
        // Anonymous resource requests.
        "/favicon.ico",
        // NOTE(review): the next three patterns have no leading '/'. Spring's
        // AntPathMatcher does not match such a pattern against a path that
        // starts with '/', so these rules probably never apply. Confirm
        // against the Spring version in use before changing them; adding the
        // slash would widen anonymous access.
        "**/*.html",
        "**/*.css",
        "**/*.js",
        // Anonymous logins.
        "/auth/**",
        // SMS gateway.
        "/registrasi-pasien-sms/**",
        // NOTE(review): the original comment on this entry also read
        // "Allow SMS gateway". Confirm that nothing served under /report/
        // needs an authenticated caller.
        "/report/**",
        // URLs that need no authentication are declared here.
        // NOTE(review): the two test prefixes are open in this configuration;
        // verify that they should be reachable in production deployments.
        "/test-tanpa-auth/**",
        "/test/**",
        "/api-docs.json",
        "/api-docs/**"
        // The surat-masuk download endpoints
        // (/surat-masuk/download-dokumen-template/** and
        // /surat-masuk/get-draft-surat/**) are not on this list, so they
        // require authentication.
    };

    @Autowired
    private RestAuthenticationEntryPoint restAuthenticationEntryPoint;

    private final UserService userService;

    private final TokenAuthenticationService tokenAuthenticationService;

    /**
     * Creates the configuration with Spring Security's default configurers
     * disabled and builds the user and token services directly rather than
     * having them injected.
     */
    public SpringSecurityConfig() {
        // true = disable the adapter's default configuration.
        super(true);
        this.userService = new UserService();
        // NOTE(review): Constants.JASAMEDIKA is presumably the secret used for
        // tokens. If so it is a compile-time constant in source; confirm, and
        // consider loading it from external configuration instead.
        this.tokenAuthenticationService =
                new TokenAuthenticationService(Constants.JASAMEDIKA, this.userService);
    }

    /**
     * Builds the HTTP security chain: the REST entry point for authentication
     * failures, anonymous and servlet-API support, cache-control headers, the
     * URL authorization rules and the stateless token filter.
     *
     * @param http the builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Authentication failures are delegated to restAuthenticationEntryPoint.
        http.exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint);
        http.anonymous();
        http.servletApi();
        http.headers().cacheControl();

        // The allow-list is registered first; every other request needs to be
        // authenticated.
        http.authorizeRequests()
                .antMatchers(ANONYMOUS_PATTERNS).permitAll()
                .anyRequest().authenticated();

        // Custom token-based authentication, based on the header previously
        // given to the client.
        http.addFilterBefore(
                new StatelessAuthenticationFilter(tokenAuthenticationService),
                UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Registers the application's user service as the source of user details
     * and BCrypt as the password encoder.
     *
     * @param auth the authentication manager builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        UserService users = userDetailsService();
        auth.userDetailsService(users).passwordEncoder(new BCryptPasswordEncoder());
    }

    /**
     * Exposes the adapter's {@link AuthenticationManager} as a bean.
     *
     * @return the authentication manager provided by the superclass
     * @throws Exception if the superclass cannot provide it
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Exposes the user service created in the constructor as a bean.
     *
     * @return the user service held by this configuration
     */
    @Bean
    @Override
    public UserService userDetailsService() {
        return this.userService;
    }

    /**
     * Exposes the token authentication service created in the constructor as
     * a bean.
     *
     * @return the token authentication service held by this configuration
     */
    @Bean
    public TokenAuthenticationService tokenAuthenticationService() {
        return this.tokenAuthenticationService;
    }
}