diff --git a/build.gradle.kts b/build.gradle.kts index 5842aaa..787ada4 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -33,9 +33,15 @@ dependencies { implementation("org.springframework.boot:spring-boot-starter-data-jpa") implementation("org.springframework.boot:spring-boot-starter-validation") implementation("org.springframework.boot:spring-boot-starter-web") + implementation("org.springframework.boot:spring-boot-starter-security") + implementation("org.springframework.boot:spring-boot-starter-oauth2-client") implementation("com.fasterxml.jackson.module:jackson-module-kotlin") implementation("org.jetbrains.kotlin:kotlin-reflect") + implementation("io.jsonwebtoken:jjwt-api:0.11.5") + runtimeOnly("io.jsonwebtoken:jjwt-impl:0.11.5") + runtimeOnly("io.jsonwebtoken:jjwt-jackson:0.11.5") + developmentOnly("org.springframework.boot:spring-boot-docker-compose") runtimeOnly("com.mysql:mysql-connector-j") diff --git a/src/main/kotlin/com/didit/adapter/config/SecurityConfig.kt b/src/main/kotlin/com/didit/adapter/config/SecurityConfig.kt new file mode 100644 index 0000000..c0c96ba --- /dev/null +++ b/src/main/kotlin/com/didit/adapter/config/SecurityConfig.kt 
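Review bot: The jjwt version `0.11.5` is written as a literal on each of the three added jjwt lines in the `build.gradle.kts` hunk. `jjwt-api`, `jjwt-impl` and `jjwt-jackson` must stay on the same release, because the API jar loads the implementation at runtime, so a bump that misses one line fails only when a token is first built or parsed. Declare the version once, for example `val jjwtVersion = "0.11.5"` above the `dependencies` block, and use `"io.jsonwebtoken:jjwt-api:$jjwtVersion"` on the three lines. The 0.11 line has a newer 0.12 successor, so it is worth confirming that this pinned release is the one the project intends to use for signing and verifying tokens. The `dependencies` block starts and ends outside the hunk.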
@@ -0,0 +1,31 @@
+package com.didit.adapter.config
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.web.SecurityFilterChain
+
+@Configuration
+class SecurityConfig {
+ @Bean
+ fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+ http
+ .csrf { it.disable() }
+ .formLogin { it.disable() }
+ .httpBasic { it.disable() }
+ .sessionManagement {
+ it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ }.authorizeHttpRequests {
+ it
+ .requestMatchers(
+ "/auth/**",
+ "/health",
+ ).permitAll()
+ .anyRequest()
+ .authenticated()
+ }
+
+ return http.build()
+ }
+}
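Review bot: `anyRequest().authenticated()` is enforced in `securityFilterChain`, but as far as this hunk shows the chain registers nothing that can authenticate a request. Form login and HTTP basic are disabled and no token filter, `oauth2Login` or resource-server setup is added, so every path outside `/auth/**` and `/health` is rejected, and with no entry point configured that rejection is Spring Security's default 403 rather than 401. If the token filter arrives in a later commit, set the entry point now so clients can tell "not authenticated" from "not allowed": `.exceptionHandling { it.authenticationEntryPoint(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)) }`. Disabling CSRF is sound only while the credential travels in the `Authorization` header and never in a cookie, so a comment such as `// CSRF off: stateless API, token sent as a bearer header, not in cookies` should record that assumption next to `.csrf { it.disable() }`. The `/auth/**` wildcard also makes every future endpoint under `/auth` public, so listing the exact login and token paths would be tighter.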