extract paths from SecurityConfiguration to authorize

2025-07-31 23:04:36 +02:00
parent fd9c927b02
commit a1d0501fee
3 changed files with 40 additions and 23 deletions
--- a/src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt
+++ b/src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt
@@ -1,5 +1,7 @@
 package ltd.hlaeja.configuration

+import ltd.hlaeja.security.authorize.adminPaths
+import ltd.hlaeja.security.authorize.publicPaths
 import ltd.hlaeja.security.handler.CsrfAccessDeniedHandler
 import ltd.hlaeja.security.handler.UserAccessDeniedHandler
 import org.springframework.context.annotation.Bean
@@ -16,7 +18,9 @@ import org.springframework.security.web.server.SecurityWebFilterChain
 class SecurityConfiguration {

    @Bean
-    fun securityWebFilterChain(serverHttpSecurity: ServerHttpSecurity): SecurityWebFilterChain = serverHttpSecurity
+    fun securityWebFilterChain(
+        serverHttpSecurity: ServerHttpSecurity,
+    ): SecurityWebFilterChain = serverHttpSecurity
        .csrf { it.accessDeniedHandler(CsrfAccessDeniedHandler()) }
        .exceptionHandling { it.accessDeniedHandler(UserAccessDeniedHandler()) }
        .authorizeExchange(::authorizeExchange)
@@ -24,32 +28,23 @@ class SecurityConfiguration {
        .logout(::logout)
        .build()

-    private fun logout(logout: ServerHttpSecurity.LogoutSpec) = logout.logoutUrl("/logout")
+    private fun authorizeExchange(
+        authorizeExchange: AuthorizeExchangeSpec,
+    ) = authorizeExchange
+        .publicPaths().permitAll()
+        .adminPaths().hasRole("ADMIN")
+        .anyExchange().authenticated()
+
+    private fun logout(
+        logout: ServerHttpSecurity.LogoutSpec,
+    ) = logout.logoutUrl("/logout")
        .logoutSuccessHandler { webFilter, _ ->
            webFilter.exchange.response.headers.add("Location", "/logout")
            webFilter.exchange.response.statusCode = FOUND
            webFilter.exchange.response.setComplete()
        }

-    private fun formLogin(login: FormLoginSpec) = login.loginPage("/login")
-
-    private fun authorizeExchange(authorizeExchange: AuthorizeExchangeSpec) = authorizeExchange
-        .publicPaths().permitAll()
-        .adminPaths().hasRole("ADMIN")
-        .anyExchange().authenticated()
-
-    private fun AuthorizeExchangeSpec.adminPaths(): AuthorizeExchangeSpec.Access = pathMatchers(
-        "/account/**",
-        "/type/**",
-    )
-
-    private fun AuthorizeExchangeSpec.publicPaths(): AuthorizeExchangeSpec.Access = pathMatchers(
-        "/css/**",
-        "/js/**",
-        "/img/**",
-        "/actuator/**",
-        "/login",
-        "/logout",
-        "/",
-    )
+    private fun formLogin(
+        login: FormLoginSpec,
+    ) = login.loginPage("/login")
 }
--- a/src/main/kotlin/ltd/hlaeja/security/authorize/AdminPaths.kt
+++ b/src/main/kotlin/ltd/hlaeja/security/authorize/AdminPaths.kt
@@ -0,0 +1,8 @@
+package ltd.hlaeja.security.authorize
+
+import org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
+
+fun AuthorizeExchangeSpec.adminPaths(): AuthorizeExchangeSpec.Access = pathMatchers(
+    "/account/**",
+    "/type/**",
+)
--- a/src/main/kotlin/ltd/hlaeja/security/authorize/PublicPaths.kt
+++ b/src/main/kotlin/ltd/hlaeja/security/authorize/PublicPaths.kt
@@ -0,0 +1,14 @@
+package ltd.hlaeja.security.authorize
+
+import org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
+
+fun AuthorizeExchangeSpec.publicPaths(): AuthorizeExchangeSpec.Access = pathMatchers(
+    "/favicon.ico",
+    "/actuator/**",
+    "/css/**",
+    "/img/**",
+    "/js/**",
+    "/logout",
+    "/login",
+    "/",
+)