Class CoreSecurityConfig

java.lang.Object
tech.lastbox.lastshield.security.core.CoreSecurityConfig

@Configuration @ComponentScan @EnableWebSecurity public class CoreSecurityConfig extends Object
The CoreSecurityConfig class configures the security settings for the web application, including authorization, authentication, and Cross-Site Request Forgery (CSRF) protection. It uses Spring Security to define custom security filter chains and manages path-based access control using RouteAuthority objects.

This class is responsible for setting up the security filter chain, including the handling of custom CORS configurations, CSRF protection settings, and adding custom authorities for route access.

  • Constructor Details

    • CoreSecurityConfig

      public CoreSecurityConfig(CorsConfig corsConfig, SecurityUtil securityUtil, SecurityFilter securityFilter)
      Constructs a new CoreSecurityConfig instance with the required dependencies for CORS configuration, security utilities, and a custom security filter. This constructor uses Spring's Dependency Injection mechanism to inject the necessary beans into the class.
      Parameters:
      corsConfig - the CorsConfig object used to configure Cross-Origin Resource Sharing (CORS) settings.
      securityUtil - the SecurityUtil utility used for various security-related operations, such as user repository handling.
      securityFilter - the SecurityFilter that is added to the security filter chain to handle custom authentication and authorization.
  • Method Details

    • defaultSecurityFilterChain

      @Bean public org.springframework.security.web.SecurityFilterChain defaultSecurityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
      Configures the default SecurityFilterChain with CORS, CSRF protection, and authority-based access control.

      If the build() method was not previously called, an exception will be thrown. This method sets up the security filter chain by adding the SecurityFilter and configuring paths and roles.

      Parameters:
      http - the HttpSecurity object used to configure security settings.
      Returns:
      the configured SecurityFilterChain.
      Throws:
      Exception - if there is any error while configuring the security filter chain.
    • addAuthority

      public void addAuthority(RouteAuthority routeAuthority)
      Adds a RouteAuthority to the list of authorities. If the provided RouteAuthority does not have any associated roles, the path of the authority is added to the list of paths that should not be filtered by the advanced filter using the AdvancedFilterChecker.addShoudNotFilterPath(String) method.

      If the advanced filter is not currently enabled (AdvancedFilterChecker.isAdvancedFiltered() returns false), this method will enable it by calling setAdvancedFilter() and configure the SecurityFilter with the appropriate user repository class using SecurityUtil.getUserRepositoryClass().

      Parameters:
      routeAuthority - the RouteAuthority object representing the authority to be added.
    • setCsrfProtection

      public void setCsrfProtection(boolean csrfProtection)
      Enables or disables CSRF protection for the application.
      Parameters:
      csrfProtection - true to enable CSRF protection, false to disable it.
    • isCalled

      public void isCalled()
      Marks the security configuration as initialized. This should be called after the configuration is properly set up.
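
As documented for addAuthority, a RouteAuthority registered without roles has its path exempted from the advanced filter, so a registration where the roles were simply forgotten is exempted as well. The following is an added example, not LastShield code: a self-contained check (Java 16+) that models only that documented rule and reports role-less paths missing from a reviewed list. The Route record, the method names and the sample routes are hypothetical stand-ins, since the RouteAuthority API is not shown on this page.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class RouteAuthorityAudit {

    // Hypothetical stand-in for RouteAuthority: a path and the roles allowed on it.
    record Route(String path, Set<String> roles) {}

    // Paths that the documented addAuthority rule would place on the
    // should-not-filter list: registrations that carry no roles.
    static List<String> exemptPaths(List<Route> routes) {
        List<String> exempt = new ArrayList<>();
        for (Route r : routes) {
            if (r.roles() == null || r.roles().isEmpty()) {
                exempt.add(r.path());
            }
        }
        return exempt;
    }

    // Exempt paths that were never reviewed as intentionally exempt.
    static List<String> unreviewedExemptions(List<Route> routes, Set<String> reviewed) {
        List<String> findings = new ArrayList<>(exemptPaths(routes));
        findings.removeAll(reviewed);
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample registrations, not taken from any real application.
        List<Route> routes = List.of(
                new Route("/login", Set.of()),
                new Route("/admin/**", Set.of("ADMIN")),
                new Route("/reports/**", Set.of())); // roles left out by mistake
        Set<String> reviewed = Set.of("/login");

        List<String> findings = unreviewedExemptions(routes, reviewed);
        System.out.println("Unreviewed role-less routes: " + findings);
        // Non-zero exit lets a build or startup check fail on any finding.
        System.exit(findings.isEmpty() ? 0 : 1);
    }
}
```

Feeding this check the same path and role data that the application passes to addAuthority keeps the reviewed list and the real configuration in step.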