Good day!

I am trying to convert a project from XML-based configuration to annotation-based/Java Configuration. Is there a way to turn the XML configuration below into Java Configuration?

```xml
<beans:bean id="jwtAuthenticationFilter" class="foo.bar.security.JwtAuthenticationFilter">
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="authenticationSuccessHandler" ref="jwtAuthenticationSuccessHandler" />
</beans:bean>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="jwtAuthenticationProvider" />
</authentication-manager>
```

This is, by the way, a snippet from the security-context.xml that I use. I have been looking for the solution here, but the documentation for @Bean does not have it. I don't know what to do with the properties of the bean, or with the authentication-manager node. I hope someone can help me.

Thanks in advance!

Oneb

1 Answer

You need to declare your filter class. E.g.:

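```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// JwtAuthenticationToken is an application class that is not shown here.
public class JwtAuthenticationFilter extends OncePerRequestFilter {

  private final AuthenticationManager authenticationManager;

  public JwtAuthenticationFilter(AuthenticationManager authenticationManager) {
    this.authenticationManager = authenticationManager;
  }

  @Override
  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    String authToken = request.getHeader("X-AUTH-TOKEN");
    // No token header: continue unauthenticated and let the authorization rules decide.
    if (authToken == null) {
      chain.doFilter(request, response);
      return;
    }
    // Delegate token validation to the configured AuthenticationProvider.
    Authentication authentication = authenticationManager.authenticate(new JwtAuthenticationToken(authToken));
    SecurityContextHolder.getContext().setAuthentication(authentication);
    chain.doFilter(request, response);
  }
}
```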

And create a SecurityConfiguration class. E.g.:

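```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

// UserRepository, JwtAuthenticationProvider and NoopAuthenticationEventPublisher
// are application classes that are not shown here.
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

  @Value("${secret.key}")
  private String secretKey;

  @Autowired
  private UserRepository userRepository;

  // Java equivalent of <authentication-manager> / <authentication-provider>.
  @Override
  public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .authenticationEventPublisher(new NoopAuthenticationEventPublisher())
        .authenticationProvider(new JwtAuthenticationProvider(secretKey, userRepository));
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .csrf().disable()
        .addFilterBefore(new JwtAuthenticationFilter(authenticationManager()), AbstractPreAuthenticatedProcessingFilter.class)
        .addFilterBefore(new BasicAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class)
        .authorizeRequests()
        .antMatchers("/admin/**").hasRole("ADMIN")
        .antMatchers("/owner/**").hasAnyRole("OWNER", "ADMIN")
        // Patterns are matched against request paths, which start with "/".
        .antMatchers("/health", "/invitation/accept").permitAll()
        .antMatchers("/**").hasRole("USER");
  }

}
```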
hya
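
A one-to-one Java translation of the XML in the question, as an added example (not code from the question or the answer). It assumes the question's `foo.bar.security.JwtAuthenticationFilter` has a no-argument constructor and the setters implied by the XML property names, that `jwtAuthenticationProvider` and `jwtAuthenticationSuccessHandler` are beans defined elsewhere, and that the Spring Security version still ships `WebSecurityConfigurerAdapter`; the class name `SecurityContextConfig` and the filter's position in the chain are also assumptions.

```java
import foo.bar.security.JwtAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityContextConfig extends WebSecurityConfigurerAdapter {

  // Beans referenced by ref="..." in the XML; assumed to be defined elsewhere.
  @Autowired private AuthenticationProvider jwtAuthenticationProvider;
  @Autowired private AuthenticationSuccessHandler jwtAuthenticationSuccessHandler;

  // <authentication-manager> with one <authentication-provider ref="..."/>
  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(jwtAuthenticationProvider);
  }

  // alias="authenticationManager": expose the built manager as a named bean.
  @Bean(name = "authenticationManager")
  @Override
  public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
  }

  // Each <beans:property name="x" ref="y"/> becomes a setX(y) call.
  @Bean
  public JwtAuthenticationFilter jwtAuthenticationFilter() throws Exception {
    JwtAuthenticationFilter filter = new JwtAuthenticationFilter();
    filter.setAuthenticationManager(authenticationManagerBean());
    filter.setAuthenticationSuccessHandler(jwtAuthenticationSuccessHandler);
    return filter;
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // Position in the chain is an assumption; the XML snippet does not show it.
    http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
  }
}
```

If the application runs on Spring Boot, a `Filter` declared as a `@Bean` is also registered with the servlet container, so the filter would run outside the security chain as well unless that registration is disabled with a `FilterRegistrationBean`.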