hlaeja-old/hlaeja-management
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

extract paths from SecurityConfiguration to authorize

Browse Source
This commit is contained in:
Mr. Swordsteel
2025-07-31 23:04:36 +02:00
committed by swordsteel
parent 372ab9fcb2
commit 29c6a75751
3 changed files with 40 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt
View File

@@ -1,5 +1,7 @@
package ltd.hlaeja.configuration package ltd.hlaeja.configuration
import ltd.hlaeja.security.authorize.adminPaths
import ltd.hlaeja.security.authorize.publicPaths
import ltd.hlaeja.security.handler.CsrfAccessDeniedHandler import ltd.hlaeja.security.handler.CsrfAccessDeniedHandler
import ltd.hlaeja.security.handler.UserAccessDeniedHandler import ltd.hlaeja.security.handler.UserAccessDeniedHandler
import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Bean
@@ -16,7 +18,9 @@ import org.springframework.security.web.server.SecurityWebFilterChain
class SecurityConfiguration { class SecurityConfiguration {
@Bean @Bean
fun securityWebFilterChain(serverHttpSecurity: ServerHttpSecurity): SecurityWebFilterChain = serverHttpSecurity fun securityWebFilterChain(
serverHttpSecurity: ServerHttpSecurity,
): SecurityWebFilterChain = serverHttpSecurity
.csrf { it.accessDeniedHandler(CsrfAccessDeniedHandler()) } .csrf { it.accessDeniedHandler(CsrfAccessDeniedHandler()) }
.exceptionHandling { it.accessDeniedHandler(UserAccessDeniedHandler()) } .exceptionHandling { it.accessDeniedHandler(UserAccessDeniedHandler()) }
.authorizeExchange(::authorizeExchange) .authorizeExchange(::authorizeExchange)
@@ -24,32 +28,23 @@ class SecurityConfiguration {
.logout(::logout) .logout(::logout)
.build() .build()
private fun logout(logout: ServerHttpSecurity.LogoutSpec) = logout.logoutUrl("/logout") private fun authorizeExchange(
authorizeExchange: AuthorizeExchangeSpec,
) = authorizeExchange
.publicPaths().permitAll()
.adminPaths().hasRole("ADMIN")
.anyExchange().authenticated()
private fun logout(
logout: ServerHttpSecurity.LogoutSpec,
) = logout.logoutUrl("/logout")
.logoutSuccessHandler { webFilter, _ -> .logoutSuccessHandler { webFilter, _ ->
webFilter.exchange.response.headers.add("Location", "/logout") webFilter.exchange.response.headers.add("Location", "/logout")
webFilter.exchange.response.statusCode = FOUND webFilter.exchange.response.statusCode = FOUND
webFilter.exchange.response.setComplete() webFilter.exchange.response.setComplete()
} }
private fun formLogin(login: FormLoginSpec) = login.loginPage("/login") private fun formLogin(
login: FormLoginSpec,
private fun authorizeExchange(authorizeExchange: AuthorizeExchangeSpec) = authorizeExchange ) = login.loginPage("/login")
.publicPaths().permitAll()
.adminPaths().hasRole("ADMIN")
.anyExchange().authenticated()
private fun AuthorizeExchangeSpec.adminPaths(): AuthorizeExchangeSpec.Access = pathMatchers(
"/account/**",
"/type/**",
)
private fun AuthorizeExchangeSpec.publicPaths(): AuthorizeExchangeSpec.Access = pathMatchers(
"/css/**",
"/js/**",
"/img/**",
"/actuator/**",
"/login",
"/logout",
"/",
)
} }

8
src/main/kotlin/ltd/hlaeja/security/authorize/AdminPaths.kt Normal file
View File

@@ -0,0 +1,8 @@
package ltd.hlaeja.security.authorize
import org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
fun AuthorizeExchangeSpec.adminPaths(): AuthorizeExchangeSpec.Access = pathMatchers(
"/account/**",
"/type/**",
)

14
src/main/kotlin/ltd/hlaeja/security/authorize/PublicPaths.kt Normal file
View File

@@ -0,0 +1,14 @@
package ltd.hlaeja.security.authorize
import org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
fun AuthorizeExchangeSpec.publicPaths(): AuthorizeExchangeSpec.Access = pathMatchers(
"/favicon.ico",
"/actuator/**",
"/css/**",
"/img/**",
"/js/**",
"/logout",
"/login",
"/",
)