mirror of
https://git.imnavajas.es/jjimenez/erp-imprimelibros.git
synced 2026-01-13 00:48:49 +00:00
trabajando en usuarios
This commit is contained in:
@ -1,36 +1,105 @@
|
||||
package com.imprimelibros.erp.config;
|
||||
|
||||
import javax.sql.DataSource;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
|
||||
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
|
||||
|
||||
import com.imprimelibros.erp.users.User;
|
||||
import com.imprimelibros.erp.users.UserDao;
|
||||
import com.imprimelibros.erp.users.UserDetailsImpl;
|
||||
|
||||
@Configuration
|
||||
public class SecurityConfig {
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.requestMatchers(
|
||||
"/",
|
||||
"/assets/**",
|
||||
"/css/**",
|
||||
"/js/**",
|
||||
"/images/**",
|
||||
"/public/**",
|
||||
"/error",
|
||||
"/presupuesto/public/**",
|
||||
"/favicon.ico")
|
||||
.permitAll()
|
||||
.anyRequest().authenticated())
|
||||
.csrf(csrf -> csrf
|
||||
.ignoringRequestMatchers("/presupuesto/public/**"))
|
||||
.formLogin(login -> login
|
||||
.loginPage("/login")
|
||||
.permitAll())
|
||||
.logout(logout -> logout.permitAll());
|
||||
private final DataSource dataSource;
|
||||
|
||||
return http.build();
|
||||
}
|
||||
public SecurityConfig(DataSource dataSource) {
|
||||
this.dataSource = dataSource;
|
||||
}
|
||||
|
||||
// UserDetailsService para autenticación por username
|
||||
@Bean
|
||||
public UserDetailsService userDetailsService(UserDao repo) {
|
||||
return username -> {
|
||||
User u = repo.findByUserNameAndEnabledTrue(username);
|
||||
if (u == null)
|
||||
throw new UsernameNotFoundException("No existe: " + username);
|
||||
return new UserDetailsImpl(u);
|
||||
};
|
||||
}
|
||||
|
||||
@Bean
|
||||
public PasswordEncoder passwordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
|
||||
// Repositorio de tokens persistentes (usa la tabla 'persistent_logins')
|
||||
@Bean
|
||||
public PersistentTokenRepository persistentTokenRepository() {
|
||||
JdbcTokenRepositoryImpl repo = new JdbcTokenRepositoryImpl();
|
||||
repo.setDataSource(dataSource);
|
||||
// Descomenta una única vez si quieres que cree la tabla automáticamente:
|
||||
// repo.setCreateTableOnStartup(true);
|
||||
return repo;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http, @Value("${security.rememberme.key}") String keyRememberMe) throws Exception {
|
||||
http
|
||||
.sessionManagement(session -> session
|
||||
.invalidSessionUrl("/login?expired")
|
||||
.maximumSessions(1) // opcional: limita sesiones concurrentes
|
||||
)
|
||||
// CSRF habilitado; ignoramos endpoints públicos del presupuesto (AJAX)
|
||||
.csrf(csrf -> csrf.ignoringRequestMatchers("/presupuesto/public/**"))
|
||||
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.requestMatchers(
|
||||
"/", "/login",
|
||||
"/assets/**", "/css/**", "/js/**", "/images/**",
|
||||
"/public/**", "/presupuesto/public/**",
|
||||
"/error", "/favicon.ico")
|
||||
.permitAll()
|
||||
.anyRequest().authenticated())
|
||||
|
||||
.authorizeHttpRequests(configurer -> configurer
|
||||
.requestMatchers("/users/**").hasAnyRole("SUPERADMIN", "ADMIN")
|
||||
)
|
||||
.formLogin(login -> login
|
||||
.loginPage("/login").permitAll()
|
||||
.loginProcessingUrl("/login")
|
||||
.usernameParameter("username")
|
||||
.passwordParameter("password")
|
||||
.defaultSuccessUrl("/", true))
|
||||
|
||||
// ===== Remember Me =====
|
||||
.rememberMe(rm -> rm
|
||||
.key(keyRememberMe) // clave secreta
|
||||
.rememberMeParameter("remember-me") // <input name="remember-me">
|
||||
.rememberMeCookieName("IMPRIMELIBROS_REMEMBER")
|
||||
.tokenValiditySeconds(60 * 60 * 24 * 14) // 14 días
|
||||
.userDetailsService(userDetailsService(null)) // se inyecta el bean real
|
||||
// en runtime
|
||||
.tokenRepository(persistentTokenRepository()))
|
||||
|
||||
.logout(logout -> logout
|
||||
.logoutUrl("/logout")
|
||||
.logoutSuccessUrl("/")
|
||||
.invalidateHttpSession(true)
|
||||
.deleteCookies("JSESSIONID", "IMPRIMELIBROS_REMEMBER")
|
||||
.permitAll());
|
||||
|
||||
return http.build();
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user