package com.agendaestudantil.configuracao; import com.agendaestudantil.dto.RespostaApi; import com.agendaestudantil.filtro.FiltroJwt; import com.fasterxml.jackson.databind.ObjectMapper; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import java.time.LocalDateTime; import java.util.ArrayList; import java.util.List; @Configuration @EnableWebSecurity public class ConfiguracaoSeguranca { private final FiltroJwt filtroJwt; private final String corsAllowedOrigins; private final String perfilAtivo; public ConfiguracaoSeguranca(FiltroJwt filtroJwt, @Value("${cors.allowed.origins}") String corsAllowedOrigins, @Value("${spring.profiles.active:dev}") String perfilAtivo) { this.filtroJwt = filtroJwt; this.corsAllowedOrigins = corsAllowedOrigins; this.perfilAtivo = perfilAtivo; } @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { List pathsPublicos = new ArrayList<>(List.of( "/", "/index.html", "/login.html", "/cadastro.html", "/calendario.html", "/configuracoes.html", "/politica-privacidade.html", "/favicon.ico", "/imagens/**", "/*.css", "/*.js", "/*.ico", "/*.png", "/api/estudantes/cadastro", "/api/estudantes/login")); if ("dev".equals(perfilAtivo)) { pathsPublicos.add("/swagger-ui/**"); pathsPublicos.add("/v3/api-docs/**"); } http.csrf(csrf -> csrf.disable()) .cors(cors -> cors.configurationSource(corsConfigurationSource())) .authorizeHttpRequests(auth -> auth .requestMatchers(pathsPublicos.toArray(new String[0])) .permitAll() .anyRequest().authenticated()) .exceptionHandling(ex -> ex .authenticationEntryPoint((request, response, authException) -> { response.setContentType(MediaType.APPLICATION_JSON_VALUE); response.setStatus(HttpStatus.UNAUTHORIZED.value()); RespostaApi body = new RespostaApi<>(null, "Acesso nao autorizado", LocalDateTime.now()); new ObjectMapper().writeValue(response.getOutputStream(), body); })) .sessionManagement(session -> session .sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .addFilterBefore(filtroJwt, UsernamePasswordAuthenticationFilter.class); return http.build(); } @Bean public CorsConfigurationSource corsConfigurationSource() { CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(List.of(corsAllowedOrigins.split(","))); configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH")); configuration.setAllowedHeaders(List.of("*")); configuration.setExposedHeaders(List.of("Authorization")); configuration.setAllowCredentials(true); configuration.setMaxAge(3600L); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); return source; } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Bean public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception { return config.getAuthenticationManager(); } }