Package edu.ucsb.cs156.frontiers.config

Class SecurityConfig

java.lang.Object
edu.ucsb.cs156.frontiers.config.SecurityConfig
@Configuration @EnableWebSecurity @EnableMethodSecurity public class SecurityConfig extends Object
The `SecurityConfig` class in Java configures web security with OAuth2 login, CSRF protection, and role-based authorization based on user email addresses.

  • Constructor Summary

    Constructors
    Constructor
    Description
    SecurityConfig()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    org.springframework.security.web.SecurityFilterChain
    filterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
    The `filterChain` method in this Java code configures various security settings for an HTTP request, including authorization, exception handling, OAuth2 login, CSRF protection, and logout behavior.
    org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
    idTokenDecoderFactory()
     
    static org.springframework.security.access.hierarchicalroles.RoleHierarchy
    roleHierarchy()
     
    org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
    webSecurityCustomizer()
    The `webSecurityCustomizer` method is used to configure web security in Java, specifically ignoring requests to the "/h2-console/**" path.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • SecurityConfig

      public SecurityConfig()

  • Method Details

    • filterChain

      @Bean public org.springframework.security.web.SecurityFilterChain filterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
      The `filterChain` method in this Java code configures various security settings for an HTTP request, including authorization, exception handling, OAuth2 login, CSRF protection, and logout behavior.
      Parameters:
      http - injected HttpSecurity object (injected by Spring framework) //
      Throws:
      Exception

    • webSecurityCustomizer

      @Bean public org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer webSecurityCustomizer()
      The `webSecurityCustomizer` method is used to configure web security in Java, specifically ignoring requests to the "/h2-console/**" path.

    • roleHierarchy

      @Bean public static org.springframework.security.access.hierarchicalroles.RoleHierarchy roleHierarchy()

    • idTokenDecoderFactory

      @Bean @Profile("microsoft") public org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory idTokenDecoderFactory()