Se maneja la seguridad de apis

parent a022f174
......@@ -5,6 +5,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.OncePerRequestFilter;
......@@ -34,6 +35,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
loggerAuth.info("Token válido obtenido en el backend: {}", Token);
if (email != null && SecurityContextHolder.getContext().getAuthentication() == null) {
try {
// Autenticar al usuario por correo electrónico
UserDetails userDetails = jwtUserDetailsService.loadUserByUsername(email);
if (userDetails != null) {
......@@ -41,14 +43,19 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
userDetails, null, userDetails.getAuthorities());
authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
}
} catch (UsernameNotFoundException ex) {
// Manejar la excepción y enviar una respuesta adecuada
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getWriter().write("El usuario no es correcto");
response.getWriter().flush();
return;
}
}
if (request.getRequestURI().equals("/api/v1.0/usuarioLogeado")) {
String username = SecurityContextHolder.getContext().getAuthentication().getName(); //Se obtiene el nombre del uuario autenticado
String username = SecurityContextHolder.getContext().getAuthentication().getName(); //Se obtiene el nombre del usuario autenticado
DtoUserLogeado userInfo = jwtUserDetailsService.getUserInfoByUsername(username);
//Se devuelve los datos en formato JSON
ObjectMapper objectMapper = new ObjectMapper();
......@@ -61,4 +68,3 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
filterChain.doFilter(request, response);
}
}
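Review bot: The `/api/v1.0/usuarioLogeado` branch in the third hunk calls `SecurityContextHolder.getContext().getAuthentication().getName()` without checking that an authentication is present, so a request to that URI with no token or an invalid token (the `email != null` branch is simply skipped) fails with a NullPointerException and a 500 instead of a 401. I would read the authentication once and reject early, `Authentication auth = SecurityContextHolder.getContext().getAuthentication();` followed by `if (auth == null) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }`, and use `sendError` in the new `UsernameNotFoundException` catch too, which currently writes a body with no content type or charset set. Separately, the INFO log at the start of the second hunk writes the raw token into the log; a bearer token in a log file can be replayed by anyone who can read the logs, so log the subject or nothing rather than the token (this line may predate the commit, since the hunk's added line is not marked). The enclosing `doFilterInternal` starts before the first hunk and its body between the hunks is not shown, so whether the filter returns after writing the user JSON cannot be confirmed from here.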
......@@ -3,6 +3,7 @@ package ec.edu.espe.movilidad.MovilidadWS.Security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
......@@ -34,9 +35,9 @@ public class SecurityConfig {
.httpBasic().authenticationEntryPoint(jwtEntryPoint)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.DELETE, "/api/v1.0/**").hasRole("Administrador del Sistema")
.antMatchers("/api/v1.0/**").authenticated()
//.antMatchers("/api/v1.0/**").permitAll()
// .antMatchers("/api/v1.0/**").hasRole("Administrador del Sistema") // Asignar API a rol ADMIN
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
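Review bot: `hasRole("Administrador del Sistema")` on the new DELETE matcher is evaluated against the granted authority `ROLE_Administrador del Sistema`, because `hasRole` prepends `ROLE_` to the name it is given; if the user's authorities are stored without that prefix, administrators will be denied DELETE and the expression should be `hasAuthority("Administrador del Sistema")` instead, so it is worth confirming against how authorities are loaded. The two commented-out `antMatchers` lines below the live rules are dead alternatives and should be deleted rather than left beside the active configuration, since a reader cannot tell which policy is intended. Only DELETE is gated on the administrator role while POST, PUT and PATCH under `/api/v1.0/**` remain open to any authenticated user; if that is intentional, a comment such as `// Only deletions require the administrator role; other writes are open to any authenticated user` would record the decision. The method enclosing these rules begins before the hunk.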