Class SecurityConfigurations

java.lang.Object
com.fiap.tech_challenge.parte1.ms_users.infra.security.SecurityConfigurations

@Configuration @EnableWebSecurity public class SecurityConfigurations extends Object
Security configuration class for setting up Spring Security in the application.

Configures HTTP security, authentication manager, password encoding, and the security filter chain.

  • Constructor Summary

    Constructors
    Constructor
    Description
    SecurityConfigurations(SecurityFilter securityFilter)
    Constructs a new SecurityConfigurations instance with the specified security filter.
  • Method Summary

    Modifier and Type
    Method
    Description
    org.springframework.security.authentication.AuthenticationManager
    authenticationManager(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration configuration)
    Provides the AuthenticationManager bean configured by Spring Security.
    org.springframework.security.crypto.password.PasswordEncoder
    passwordEncoder()
    Provides the password encoder bean using the BCrypt hashing algorithm.
    org.springframework.security.web.SecurityFilterChain
    securityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
    Configures the security filter chain with HTTP security rules.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • SecurityConfigurations

      public SecurityConfigurations(SecurityFilter securityFilter)
      Constructs a new SecurityConfigurations instance with the specified security filter.
      Parameters:
      securityFilter - the custom security filter to be applied before authentication
  • Method Details

    • securityFilterChain

      @Bean public org.springframework.security.web.SecurityFilterChain securityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
      Configures the security filter chain with HTTP security rules.
      • Disables CSRF protection (for stateless REST APIs).
      • Sets session management to stateless.
      • Defines endpoint authorization rules:
        • Permits everyone to access POST /users/login and POST /users.
        • Restricts GET /users to users with the role OWNER.
        • Requires authentication for all other requests.
      • Sets a custom access-denied handler that returns 403 with a message.
      • Adds the custom security filter before the username-password authentication filter.
      Parameters:
      http - the HttpSecurity to configure
      Returns:
      the configured SecurityFilterChain
      Throws:
      Exception - in case of configuration errors
    • authenticationManager

      @Bean public org.springframework.security.authentication.AuthenticationManager authenticationManager(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration configuration) throws Exception
      Provides the AuthenticationManager bean configured by Spring Security.
      Parameters:
      configuration - the AuthenticationConfiguration provided by Spring
      Returns:
      the authentication manager
      Throws:
      Exception - if unable to get the authentication manager
    • passwordEncoder

      @Bean public org.springframework.security.crypto.password.PasswordEncoder passwordEncoder()
      Provides the password encoder bean using the BCrypt hashing algorithm.
      Returns:
      a PasswordEncoder instance
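
The rules listed under securityFilterChain, written out as an added sketch; this is not the project's source. It assumes Spring Security 6.x with jakarta.servlet, uses a hypothetical class name, a generic OncePerRequestFilter bean in place of the project's SecurityFilter, and a constructed 403 message body.

```java
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

@Configuration
@EnableWebSecurity
public class ExampleSecurityConfig { // hypothetical name, not the documented class

    // Stand-in for the project's SecurityFilter; its real type is an assumption here.
    private final OncePerRequestFilter tokenFilter;

    public ExampleSecurityConfig(OncePerRequestFilter tokenFilter) {
        this.tokenFilter = tokenFilter;
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
            // CSRF defence is dropped on the premise that no cookie or session carries identity.
            .csrf(AbstractHttpConfigurer::disable)
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                // Matchers are evaluated in declaration order; the first match decides.
                .requestMatchers(HttpMethod.POST, "/users/login").permitAll()
                .requestMatchers(HttpMethod.POST, "/users").permitAll()
                // hasRole("OWNER") looks for the granted authority "ROLE_OWNER".
                .requestMatchers(HttpMethod.GET, "/users").hasRole("OWNER")
                // Catch-all last, so unlisted endpoints are closed by default.
                .anyRequest().authenticated())
            .exceptionHandling(ex -> ex.accessDeniedHandler((request, response, denied) -> {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                response.setContentType("application/json");
                response.getWriter().write("{\"message\":\"Access denied\"}"); // constructed body
            }))
            // Runs before form-login processing so the filter can populate the SecurityContext.
            .addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class)
            .build();
    }
}
```

For the GET /users rule to pass, the custom filter has to set an Authentication whose authorities include ROLE_OWNER; an authority named plain OWNER is rejected with 403. The access-denied handler covers authenticated callers who lack the role, while unauthenticated requests go to the authentication entry point, which this sketch leaves at its default.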