-1
Hello, I created my spring security configuration class, but when adding the authorization filter my access to H2-console was lost:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
private JWTUtil jwtUtil;
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private Environment env;
private static final String[] PUBLIC_MATCHERS = {
"/h2-console/**"
};
private static final String[] PUBLIC_MATCHERS_GET = {
"/produtos/**",
"/clientes/**",
"/categorias/**"
};
@Override
protected void configure(HttpSecurity http) throws Exception{
if(Arrays.asList(env.getActiveProfiles()).contains("test")){
http.headers().frameOptions().disable();
}
http.cors().and().csrf().disable();
http.authorizeRequests()
.antMatchers(HttpMethod.GET, PUBLIC_MATCHERS_GET).permitAll()
.antMatchers(PUBLIC_MATCHERS).permitAll()
.anyRequest().authenticated();
http.addFilter(new JWTAuthenticationFilter(authenticationManager(), jwtUtil));
**http.addFilter(new JWTAuthorizationFilter(authenticationManager(), jwtUtil, userDetailsService));**
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
