diff --git a/pom.xml b/pom.xml
index dbe116b..141a0c1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,6 +28,10 @@
org.springframework.boot
spring-boot-starter-web
+
+ org.springframework.boot
+ spring-boot-starter-security
+
org.springframework.boot
spring-boot-starter-quartz
@@ -36,10 +40,6 @@
org.flywaydb
flyway-core
-
-
-
-
org.hibernate.validator
hibernate-validator
@@ -181,5 +181,4 @@
-
-
+
\ No newline at end of file
diff --git a/src/main/java/it/cnr/iit/epas/timesheet/ugovpj/config/SecurityConfig.java b/src/main/java/it/cnr/iit/epas/timesheet/ugovpj/config/SecurityConfig.java
new file mode 100644
index 0000000..952069d
--- /dev/null
+++ b/src/main/java/it/cnr/iit/epas/timesheet/ugovpj/config/SecurityConfig.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2024 Consiglio Nazionale delle Ricerche
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package it.cnr.iit.epas.timesheet.ugovpj.config;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.ToString;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * Contenitore dei parametri di configurazione per l'autenticazione
+ * con i servizi REST dell'applicazione.
+ *
+ * @author Cristian Lucchesi
+ *
+ */
+@Data
+@EqualsAndHashCode
+@ToString
+@Configuration
+@ConfigurationProperties(prefix = "security")
+public class SecurityConfig {
+
+ @NotNull
+ private String username;
+ @NotNull
+ private String password;
+
+}
\ No newline at end of file
diff --git a/src/main/java/it/cnr/iit/epas/timesheet/ugovpj/config/SecurityFilter.java b/src/main/java/it/cnr/iit/epas/timesheet/ugovpj/config/SecurityFilter.java
new file mode 100644
index 0000000..bf52a21
--- /dev/null
+++ b/src/main/java/it/cnr/iit/epas/timesheet/ugovpj/config/SecurityFilter.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2024 Consiglio Nazionale delle Ricerche
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package it.cnr.iit.epas.timesheet.ugovpj.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+import lombok.RequiredArgsConstructor;
+
+/**
+ * Configurazione della catena di filtri necessaria per la security dell'applicazione.
+ *
+ * @author Cristian Lucchesi
+ *
+ */
+@RequiredArgsConstructor
+@EnableWebSecurity
+@Configuration
+public class SecurityFilter {
+
+ private final SecurityConfig securityConfig;
+
+ // User Creation
+ @Bean
+ public UserDetailsService userDetailsService(PasswordEncoder encoder) {
+
+ // InMemoryUserDetailsManager
+ UserDetails admin = User.withUsername(securityConfig.getUsername())
+ .password(encoder.encode(securityConfig.getPassword()))
+ .build();
+ return new InMemoryUserDetailsManager(admin);
+ }
+
+ /**
+ * Configurazione della catena di filtri di autenticazione da applicare ai metodi REST.
+ */
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http
+ .authorizeHttpRequests(authorize -> authorize
+ .requestMatchers("/v3/api-docs/**", "/swagger-ui/**").permitAll()
+ .anyRequest().authenticated())
+ .httpBasic(Customizer.withDefaults());
+ return http.build();
+ }
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder(8);
+ }
+}
\ No newline at end of file
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index ab4cc11..8ea5b69 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -21,9 +21,15 @@ logging.level.it.cnr.iit.epas=DEBUG
#Impostazioni dell'applicazione
+# Informazioni per l'accesso di questo servizio ai servizi REST di ePAS
epas.server-url=http://localhost:9000
-epas.username=
-epas.password=
+epas.username=epas.timesheet
+epas.password=timesheet
+# Informazioni interne al servizio per la gestione dei dati delle presenze/assenze
timesheet.stampings-type=N
-timesheet.days-in-the-past=90
\ No newline at end of file
+timesheet.days-in-the-past=90
+
+# Utilizzata per autenticare le chiamate REST a questo servizio
+security.username=epas.timesheet
+security.password=timesheet
\ No newline at end of file