chore: update security configuration

Throyer · Throyer · commit ef7d48d4329a · 2022-05-28T22:21:47.000-03:00
diff --git a/src/main/java/com/github/throyer/common/springboot/configurations/SpringSecurityConfiguration.java b/src/main/java/com/github/throyer/common/springboot/configurations/SpringSecurityConfiguration.java
@@ -6,6 +6,7 @@
 import static com.github.throyer.common.springboot.constants.SECURITY.LOGIN_ERROR_URL;
 import static com.github.throyer.common.springboot.constants.SECURITY.LOGIN_URL;
 import static com.github.throyer.common.springboot.constants.SECURITY.LOGOUT_URL;
+import static com.github.throyer.common.springboot.constants.SECURITY.PASSWORD_ENCODER;
 import static com.github.throyer.common.springboot.constants.SECURITY.PASSWORD_PARAMETER;
 import static com.github.throyer.common.springboot.constants.SECURITY.PUBLIC_API_ROUTES;
 import static com.github.throyer.common.springboot.constants.SECURITY.SESSION_COOKIE_NAME;
@@ -25,6 +26,9 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -46,13 +50,29 @@ public class SpringSecurityConfiguration {
 
     @Autowired
     public SpringSecurityConfiguration(
-            SessionService sessionService,
-            AuthorizationMiddleware filter
+        SessionService sessionService,
+        AuthorizationMiddleware filter
     ) {
         this.sessionService = sessionService;
         this.filter = filter;
     }
 
+    @Autowired
+    protected void globalConfiguration(
+        AuthenticationManagerBuilder authentication
+    ) throws Exception {
+        authentication
+            .userDetailsService(sessionService)
+            .passwordEncoder(PASSWORD_ENCODER);
+    }
+
+    @Bean
+    public AuthenticationManager authenticationManager(
+        AuthenticationConfiguration configuration
+    ) throws Exception {
+        return configuration.getAuthenticationManager();
+    }
+
     @Bean
     public WebSecurityCustomizer webSecurityCustomizer() {
         return (web) -> web.ignoring().antMatchers(STATIC_FILES);
@@ -74,8 +94,7 @@ public SecurityFilterChain api(HttpSecurity http) throws Exception {
                 .disable()
                     .exceptionHandling()
                         .authenticationEntryPoint((request, response, exception) -> forbidden(response))
-            .and()
-                .userDetailsService(sessionService)
+            .and()                
                 .sessionManagement()
                 .sessionCreationPolicy(STATELESS)
             .and()
@@ -100,17 +119,15 @@ public SecurityFilterChain app(HttpSecurity http) throws Exception {
                         .authenticated()
             .and()
                 .csrf()
-                    .disable()
-                    .userDetailsService(sessionService)
+                    .disable()                    
                         .formLogin()
                             .loginPage(LOGIN_URL)
                                 .failureUrl(LOGIN_ERROR_URL)
                                 .defaultSuccessUrl(HOME_URL)
                             .usernameParameter(USERNAME_PARAMETER)
                             .passwordParameter(PASSWORD_PARAMETER)
             .and()
-                .rememberMe()
-                    .userDetailsService(sessionService)
+                .rememberMe()                    
                     .key(TOKEN_SECRET)
                         .tokenValiditySeconds(DAY_MILLISECONDS)
             .and()
diff --git a/src/main/java/com/github/throyer/common/springboot/constants/SECURITY.java b/src/main/java/com/github/throyer/common/springboot/constants/SECURITY.java
@@ -25,6 +25,17 @@ public SECURITY(
         SECURITY.REFRESH_TOKEN_EXPIRATION_IN_DAYS = refreshTokenExpirationInDays;
     }
 
+    public static final String[] STATIC_FILES = {
+        "/robots.txt",
+        "/font/**",
+        "/css/**",
+        "/webjars/**",
+        "/js/**",
+        "/favicon.ico",
+        "/**.html",
+        "/documentation/**"
+    };
+
     public static final PublicRoutes PUBLIC_API_ROUTES = create()
             .add(GET, "/api", "/api/documentation/**")
             .add(POST, "/api/users", "/api/sessions/**", "/api/recoveries/**", "/api/documentation/**");
@@ -57,16 +68,4 @@ public SECURITY(
     public static final String ACCEPTABLE_TOKEN_TYPE = SECURITY_TYPE + " ";
     public static final String CAN_T_WRITE_RESPONSE_ERROR = "can't write response error.";
     public static final Integer BEARER_WORD_LENGTH = SECURITY_TYPE.length();
-
-    public static final String[] STATIC_FILES = {
-            "/robots.txt",
-            "/font/**",
-            "/css/**",
-            "/webjars/**",
-            "/webjars/",
-            "/js/**",
-            "/favicon.ico",
-            "/**.html",
-            "/documentation/**"
-    };
 }
diff --git a/src/main/java/com/github/throyer/common/springboot/domain/user/repository/custom/NativeQueryUserRepositoryImpl.java b/src/main/java/com/github/throyer/common/springboot/domain/user/repository/custom/NativeQueryUserRepositoryImpl.java
@@ -55,6 +55,7 @@ public Optional<User> findByEmail(String email) {
     }
 
     @Override
+    @SuppressWarnings("unchecked")
     public Page<User> findAll(Pageable pageable) {
         var query = manager
                 .createNativeQuery(FIND_ALL_USER_FETCH_ROLES, Tuple.class);
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -5,8 +5,7 @@
 server.port=${SERVER_PORT:8080}
 
 # logger
-logging.level.springfox.documentation=off
-logging.level.org.springframework.web=trace
+logging.level.root=info
 spring.output.ansi.enabled=always
 spring.jpa.properties.hibernate.format_sql=true
 spring.jpa.show-sql=${DB_SHOW_SQL:true}
diff --git a/src/main/resources/templates/app/fragments/navbar.html b/src/main/resources/templates/app/fragments/navbar.html
@@ -31,6 +31,7 @@
                     <a
                         th:href="@{/swagger-ui/index.html?configUrl=/documentation/schemas/swagger-config}"
                         class="nav-link link-dark px-2"
+                        target="_blank"
                     >
                         <i class="fas fa-scroll"></i>
                         Swagger docs
@@ -40,6 +41,7 @@
                     <a
                         href="https://github.com/Throyer/springboot-api-crud#spring-boot-api-crud"
                         class="nav-link link-dark px-2"
+                        target="_blank"
                     >
                     <i class="fab fa-github-alt"></i>
                         Repository

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,7 @@ public Optional<User> findByEmail(String email) {`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`@Override`
	`58`	`+ @SuppressWarnings("unchecked")`
`58`	`59`	`public Page<User> findAll(Pageable pageable) {`
`59`	`60`	`var query = manager`
`60`	`61`	`.createNativeQuery(FIND_ALL_USER_FETCH_ROLES, Tuple.class);`