SecurityConfig

@Configuration

@EnableWebSecurity

public class SecurityConfig {

  @Autowired

  private CustomKeycloakPreAuthActionsFilter customKeycloakPreAuthActionsFilter;

  @Autowired

  private LicenseCheckFilter  licenseCheckFilter;

  @Autowired

  private JwtDecoder  jwtDecoder;

  private static final int  YEAR_IN_SECOND = 31_536_000;

  @Bean

  protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

    return  http

      .addFilterBefore(licenseCheckFilter, BasicAuthenticationFilter.class)

      .addFilterAfter(customKeycloakPreAuthActionsFilter, BasicAuthenticationFilter.class)

      .authorizeHttpRequests(authorize -> authorize

        .requestMatchers(new AntPathRequestMatcher("/mcs/*/system/ping")).permitAll()

        .requestMatchers(new AntPathRequestMatcher("/mcs/*/system/privacy-policies", HttpMethod.GET.name())).permitAll()

        .requestMatchers(

            new AntPathRequestMatcher("/mcs/*/account/request-reset-password-email"),

            new AntPathRequestMatcher("/**/account/reset-password-by-email"),

            new AntPathRequestMatcher("/mcs/*/account/reset-password")

          ).permitAll()

        .requestMatchers(

            new AntPathRequestMatcher("/mcs/*/account/request-activate-email"),

            new AntPathRequestMatcher( "/**/account/activate-by-email"),

            new AntPathRequestMatcher("/mcs/*/account/activate")

          ).permitAll()

        .requestMatchers(new AntPathRequestMatcher("/mcs/*/account/session", HttpMethod.PUT.name())).permitAll()

        .requestMatchers(new AntPathRequestMatcher("/mcs/*/account/session", HttpMethod.POST.name())).permitAll()

        .requestMatchers(

            new AntPathRequestMatcher("/mcs/*/event/**")

          ).permitAll()

        .requestMatchers(new AntPathRequestMatcher("/static/**")).permitAll()

        .requestMatchers(

            new AntPathRequestMatcher("/mcs/**")

        ).hasRole("DASHBOARD")

        // all the REST API's must be matched in the above lines

        .anyRequest().permitAll())

      .csrf(csrf -> csrf

        .ignoringRequestMatchers(

            new AntPathRequestMatcher("/mcs/*/account/**"),

            new AntPathRequestMatcher("/**/license"))

        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))

      .headers(headers -> headers

        .httpStrictTransportSecurity(hsts -> hsts

          .includeSubDomains(true)

          .maxAgeInSeconds(YEAR_IN_SECOND))

        .xssProtection(xss -> xss.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK))

        .contentSecurityPolicy(csp -> csp.policyDirectives("script-src 'self' 'unsafe-eval'")))

      .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))

      .oauth2ResourceServer(configurer -> configurer

        .jwt(jwtConfigurer -> jwtConfigurer

          .decoder(jwtDecoder)

          .jwtAuthenticationConverter(jwt -> {

            Map<String, Collection<String>> realmAccess = jwt.getClaim("realm_access");

            Collection<String> roles = realmAccess.get("roles");

            var grantedAuthorities = roles.stream()

              .map(role -> new SimpleGrantedAuthority("ROLE_" + role.toUpperCase()))

              .toList();

            return new JwtAuthenticationToken(jwt, grantedAuthorities);

          })))

      .build();

  }

}

Spring Security - Trabajando con usuarios en memoria

Una vez visto lo sencillo que es proteger nuestra aplicación de una forma básica, vamos a complicar un poco la idea, trabajando con cuantos usuarios queramos, en memoria Continue reading Spring Security – Trabajando con usuarios en memoria

View On WordPress

Oswald and his friends cause I love their bonding and this game

Bonus

In celebration of the “Into the pit” FNAF game announcement,,

FIN!

Happy 10th Anniversary FNaF!!! 🥳🎉💕 I can’t believe this franchise has quite literally been part of half my life, and I wouldn’t have it any other way :) You will always be an incredibly special part of who I am.

Danny is a damn good mechanic. Working on his parents automobiles have made how he works on vehicles a bit unorthodox. Why disassemble half of the entire car to get to the battery when you could just go in intangibly? OSHA is a scam and a fraud. So what if Nightwing sees him put tension on some coil springs he needs to add back to a cars suspension BY HAND BY SQUISHING IT DOWN and using safety squints while he secures everything in place. He also can MacGyver up absolutely anything you’ll ever need and anything you never should ever attach to your vehicle. All he asks is that no one ever repairs that part besides himself till the end of time or risk a chance of the item exploding in your face. Is it made out of half a toaster and a raspberry pi? Yes. It can however allow you to see the real time positions of any cop within 25 miles and that’s worth rapid disassembly.

is she good do you think

William's and y/n's

Peepaw has plagued my mind lately...

I don't know how I managed to draw these with a mouse, I think I was dying of boredom at school at the time.

These were a lot of sketchy compared to the others.

I decided to draw Andrew again. I think this might be my favorite drawing out of all the ones I've shown.

Empezando con Spring Security

Spring Security, es una parte del sistema Spring orientado a facilitar los métodos de : Autenticación: verificamos la identidad del usuario. Autorización: tipo de permisos que tiene ese usuario. Esto significa, que previa configuración, nos va a permitir identificar al usuario que está accediendo, y a identificar que permisos tiene, permitiéndonos controlar así, lo que puede hacer en nuestro…

View On WordPress

I find It so funny how people try to make Afton seem like this misunderstood and grieving father meanwhile he has two supernatural clones of himself born out of pure raw agony of dead children.

Like y'all I think he was never a good person to begin with (Also in Into the pit It shows he turned his youngest's death into a part of the menu at freddy's)