package com.avitam.bankloanapplication.web.controllers; import com.avitam.bankloanapplication.tokenGeneration.JwtFilter; import jakarta.servlet.DispatcherType; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.env.Environment; import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.access.vote.UnanimousBased; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.access.expression.WebExpressionVoter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.web.client.RestTemplate; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import java.util.Arrays; import java.util.List; @Configuration @EnableWebSecurity public class WebSecurityConfig { private static final String SERVER_URL = "server.url"; private static final String SERVER_UI_URL = "server.ui.url"; @Qualifier("userDetailsServiceImpl") @Autowired private UserDetailsService userDetailsService; @Autowired private JwtFilter jwtFilter; @Autowired private Environment env; @Value("${openapi.api.url}") private String apiUrl; @Bean public RestTemplate restTemplate() { return new RestTemplate(); } @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.cors().and().csrf().disable() .authorizeHttpRequests((requests) -> { try { requests .dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll() .requestMatchers( "/api/authenticate", "/admin/contact/**", "/css/**", "/images/**", "/vendors/**", "/api/**", "/maps/**", "/resources/**", "/register", "/login", "/loans/loanType", "/forgotpassword", "/resetpassword", "/handleUploadOperation", "/registrationConfirm", "/admin/otp/**", "/admin/mobile/send-otp", "/admin/mobile/validate-otp", "/admin/mobile/save-username", "/admin/role", "/admin/role/get", "/user/getAdminProfile", "/admin/user/**", "/images/**", "/loans/pdfDownload/**", "/admin/notification/**").permitAll() .anyRequest().authenticated().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); } catch (Exception e) { throw new RuntimeException(); } } ) .rememberMe((rememberMe) -> rememberMe .key("rem-me-key") // Key used for encoding the token .rememberMeParameter("remember") // Name of the checkbox in the login form .rememberMeCookieName("rememberlogin") // Name of the cookie .tokenValiditySeconds(86400) // Token validity in seconds (e.g., 1 day) ) .formLogin((form) -> form .loginPage("/login").permitAll() .loginProcessingUrl("/login") ) .logout((logout) -> logout.permitAll()); http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class); return http.build(); } @Bean public CorsConfigurationSource corsConfigurationSource() { CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(Arrays.asList("https://api.shreemeenakshifinance.com", "http://localhost:3000", "https://admin.shreemeenakshifinance.com")); // Allow the specific origin configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS")); configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type")); configuration.setAllowCredentials(true); // Allow credentials if needed UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); // Apply CORS settings to all paths return source; } @Bean public AuthenticationManager authenticationManager() { return new ProviderManager(userDetailsAuthProvider()); } @Bean public AccessDecisionVoter accessDecisionProcessor() { return new AccessDecisionProcessor(); } @Bean public AccessDecisionManager accessDecisionManager() { List> decisionVoters = Arrays.asList(new WebExpressionVoter(), accessDecisionProcessor()); return new UnanimousBased(decisionVoters); } @Bean public BCryptPasswordEncoder bCryptPasswordEncoder() { return new BCryptPasswordEncoder(); } @Bean public AuthenticationProvider userDetailsAuthProvider() { DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider(); authenticationProvider.setUserDetailsService(userDetailsService); authenticationProvider.setPasswordEncoder(bCryptPasswordEncoder()); return authenticationProvider; } }