| package com.dalab.policyengine.config; | |
| import org.springframework.beans.factory.annotation.Value; | |
| import org.springframework.context.annotation.Bean; | |
| import org.springframework.context.annotation.Configuration; | |
| import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; | |
| import org.springframework.security.config.annotation.web.builders.HttpSecurity; | |
| import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; | |
| import org.springframework.security.config.http.SessionCreationPolicy; | |
| import org.springframework.security.oauth2.jwt.JwtDecoder; | |
| import org.springframework.security.oauth2.jwt.JwtValidators; | |
| import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; | |
| import org.springframework.security.web.SecurityFilterChain; | |
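/**
 * Spring Security setup for the policy engine: a stateless OAuth2 resource server in which
 * every request must present a JWT accepted by {@link #jwtDecoder()}.
 *
 * <p>NOTE(review): this listing imports {@code Configuration}, {@code EnableWebSecurity},
 * {@code EnableMethodSecurity}, {@code Bean} and {@code Value} but shows no annotations;
 * they were presumably dropped when the page was rendered. Without them nothing registers
 * this class or populates {@code issuerUri} -- confirm against the original file.
 */
public class SecurityConfiguration {

    /**
     * Base URL of the token issuer. It is used both to discover the signing keys and as the
     * expected value of each token's {@code iss} claim, so it should be an HTTPS URL that
     * only the operator controls.
     */
    private String issuerUri;

    /**
     * Builds the HTTP security filter chain.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // CSRF protection is disabled because callers authenticate with a bearer token on
            // every request. This is only safe while no cookie- or session-based login is
            // enabled for these endpoints.
            .csrf(csrf -> csrf.disable())
            // No HTTP session is created or used, so each request is authenticated by its token.
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(authz -> authz
                // Define public endpoints if any (e.g., actuator/health, swagger-ui).
                // Keep such a list as narrow as possible; everything else stays closed by default.
                // .requestMatchers("/public/**").permitAll()
                .anyRequest().authenticated() // All other requests require authentication
            )
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.decoder(jwtDecoder()))
            );
        return http.build();
    }

    /**
     * Creates the decoder that verifies incoming JWTs against the configured issuer.
     *
     * <p>The JWK Set URI is resolved from the issuer's published metadata
     * (e.g., ISSUER_URI/.well-known/openid-configuration).
     *
     * @return a decoder that checks signature, timestamps and the {@code iss} claim
     * @throws IllegalStateException if no issuer URI has been configured
     */
    public JwtDecoder jwtDecoder() {
        // Fail with a clear message instead of attempting discovery with an empty issuer.
        if (issuerUri == null || issuerUri.isBlank()) {
            throw new IllegalStateException("JWT issuer URI is not configured");
        }
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withIssuerLocation(issuerUri).build();
        // Set the validator explicitly so the iss claim is compared with issuerUri regardless
        // of which validators the builder applies by default in the Spring Security version in use.
        decoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuerUri));
        // NOTE(review): no audience (aud) check is configured here. If the issuer also mints
        // tokens for other services, add an audience validator next to the issuer check.
        return decoder;
    }
}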