diff --git a/boot/oauth2/src/main/java/com/plate/auth/config/SecurityConfig.java b/boot/oauth2/src/main/java/com/plate/auth/config/SecurityConfig.java index be5e5431..1df0a0ae 100644 --- a/boot/oauth2/src/main/java/com/plate/auth/config/SecurityConfig.java +++ b/boot/oauth2/src/main/java/com/plate/auth/config/SecurityConfig.java @@ -1,5 +1,6 @@ package com.plate.auth.config; +import jakarta.servlet.http.HttpSession; import org.springframework.boot.autoconfigure.security.servlet.PathRequest; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -20,23 +21,49 @@ /** + * Provides the security configuration. * @author Alex bob(Alex Bob) */ - @Configuration(proxyBeanMethods = false) @EnableJpaAuditing public class SecurityConfig { + /** + * Provides a {@link PasswordEncoder} to be used for password storage. + * The {@link PasswordEncoder} is {@link org.springframework.security.crypto.factory.PasswordEncoderFactories#createDelegatingPasswordEncoder()}. + * + * @return a {@link PasswordEncoder} instance + */ @Bean public PasswordEncoder passwordEncoder() { return PasswordEncoderFactories.createDelegatingPasswordEncoder(); } + /** + * Publishes {@link HttpSession} events to the Spring + * {@link org.springframework.context.ApplicationEventPublisher} so that + * {@link org.springframework.security.web.session.HttpSessionEventPublisher} + * can be used. + * + * @return an {@link HttpSessionEventPublisher} instance + */ @Bean public HttpSessionEventPublisher httpSessionEventPublisher() { return new HttpSessionEventPublisher(); } + /** + * Configures the {@link SecurityFilterChain} to require authentication for all requests, + * except for static resources at common locations. The {@link SecurityFilterChain} uses + * HTTP Basic authentication and form login. The CSRF protection is enabled, + * and the logout URL is set to {@code /oauth/logout}. The logout handler is set to + * {@link HeaderWriterLogoutHandler} with a {@link ClearSiteDataHeaderWriter} to clear + * the cookies. + * + * @param http the {@link HttpSecurity} instance + * @return the configured {@link SecurityFilterChain} + * @throws Exception if an error occurs while configuring the {@link SecurityFilterChain} + */ @Bean public SecurityFilterChain springSecurity(HttpSecurity http) throws Exception { HttpSessionRequestCache requestCache = new HttpSessionRequestCache(); @@ -50,7 +77,7 @@ public SecurityFilterChain springSecurity(HttpSecurity http) throws Exception { .httpBasic(Customizer.withDefaults()) .formLogin((formLogin) -> formLogin.loginPage("/login").permitAll()) .csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())) - .logout((logout) -> logout.logoutUrl("/oauth2/logout") + .logout((logout) -> logout.logoutUrl("/oauth/logout") .addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(COOKIES)))); return http.build(); } diff --git a/boot/oauth2/src/main/java/com/plate/auth/config/WebConfig.java b/boot/oauth2/src/main/java/com/plate/auth/config/WebConfig.java index 6c305abe..3b394879 100644 --- a/boot/oauth2/src/main/java/com/plate/auth/config/WebConfig.java +++ b/boot/oauth2/src/main/java/com/plate/auth/config/WebConfig.java @@ -24,7 +24,19 @@ public class WebConfig implements WebMvcConfigurer { private static final String DATE_FORMAT = "yyyy-MM-dd"; private static final String DATE_TIME_FORMAT = "yyyy-MM-dd HH:mm:ss"; - + /** + * A Jackson2ObjectMapperBuilderCustomizer that configures the Jackson2ObjectMapperBuilder to use custom date and time + * formats for serialization and deserialization. + * + *

This customizer sets up the following formats for: + *

+ * + * @return A non-null Jackson2ObjectMapperBuilderCustomizer instance that configures the mapper with the custom date + * and time formats. + */ @Bean public Jackson2ObjectMapperBuilderCustomizer jsonCustomizer() { return builder -> {