Class SecurityConfig

java.lang.Object
com.beassolution.rule.config.SecurityConfig

@EnableWebSecurity @Configuration public class SecurityConfig extends Object
Security configuration class for the Beas Rule Engine.

This class configures the security settings for the application including:

  • OAuth2 JWT token validation
  • CORS configuration for cross-origin requests
  • CSRF protection settings
  • Endpoint access control

The security configuration allows public access to Swagger documentation endpoints while requiring authentication for all other endpoints.

Since:
1.0
Version:
1.0
Author:
Beas Solution Team
  • Constructor Details

    • SecurityConfig

      public SecurityConfig()
  • Method Details

    • securityFilterChain

      @Bean public org.springframework.security.web.SecurityFilterChain securityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
      Configures the security filter chain for the application.

      This method sets up the complete security configuration including:

      • CORS configuration for cross-origin requests
      • CSRF protection with cookie-based tokens
      • OAuth2 JWT resource server configuration
      • Endpoint authorization rules

      Public endpoints include Swagger UI and API documentation paths. All other endpoints require valid JWT authentication.

      Parameters:
      http - HttpSecurity object to configure
      Returns:
      Configured SecurityFilterChain
      Throws:
      Exception - if configuration fails
    • corsConfigurationSource

      @Bean public org.springframework.web.cors.CorsConfigurationSource corsConfigurationSource()
      Configures CORS settings for cross-origin requests.

      This method sets up CORS configuration to allow requests from any origin with all common HTTP methods and headers. Credentials are disabled for security reasons.

      Returns:
      Configured CorsConfigurationSource
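
A configuration matching the behaviour described for securityFilterChain and corsConfigurationSource above, as an added example that is not the Beas Rule Engine's own source. The class name ExampleSecurityConfig, the Swagger paths (springdoc defaults), the method list, and the use of Spring Security 6 with Spring Boot's spring.security.oauth2.resourceserver.jwt.* properties are assumptions.

```java
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@EnableWebSecurity
@Configuration
public class ExampleSecurityConfig { // hypothetical name, not the project's class
    // Assumed springdoc default paths; the page does not list the real ones.
    private static final String[] PUBLIC_DOCS = {"/swagger-ui/**", "/swagger-ui.html", "/v3/api-docs/**"};

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .cors(cors -> cors.configurationSource(corsConfigurationSource()))
            // Cookie-based CSRF token; withHttpOnlyFalse lets a script client read the XSRF-TOKEN cookie.
            .csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(PUBLIC_DOCS).permitAll()   // documentation only
                .anyRequest().authenticated())              // default-deny for everything else
            // JWT validation; the decoder is built from the issuer/JWK properties (assumed Spring Boot).
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
        return http.build();
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        // Assumed values for "any origin with all common HTTP methods and headers".
        config.setAllowedOrigins(List.of("*"));
        config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        config.setAllowedHeaders(List.of("*"));
        // Must stay false: Spring rejects allowCredentials=true combined with a "*" origin.
        config.setAllowCredentials(false);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }
}
```

When reviewing a configuration like this, check that the permitAll matchers cover only documentation paths and that anyRequest().authenticated() remains the last rule, so a newly added endpoint is protected by default.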