Package com.espacogeek.geek.config
Class SecurityConfig
java.lang.Object
com.espacogeek.geek.config.SecurityConfig
Spring Security setup: fully stateless JWT authentication.
CSRF protection is disabled because all state-mutating requests are authenticated
via the
Authorization: Bearer <accessToken> header. Browsers never
automatically add that header to cross-origin requests, so CSRF cannot occur.-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.security.authentication.AuthenticationManagerauthenticationManager(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authenticationConfiguration) org.springframework.security.crypto.bcrypt.BCryptPasswordEncoderorg.springframework.security.web.SecurityFilterChainconfigure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) void
-
Constructor Details
-
SecurityConfig
public SecurityConfig()
-
-
Method Details
-
logCorsConfig
@PostConstruct public void logCorsConfig() -
authenticationManager
@Bean public org.springframework.security.authentication.AuthenticationManager authenticationManager(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authenticationConfiguration) throws Exception - Throws:
Exception
-
bCryptPasswordEncoder
@Bean public org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder bCryptPasswordEncoder() -
configure
@Bean public org.springframework.security.web.SecurityFilterChain configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception - Throws:
Exception
-