Pessoal, preciso que o acesso ao Swagger seja protegido via Login Form e o acesso à API seja protegido via Token Google.
O acesso ao Swagger estou conseguido aplicar a regra de autenticação, porém quando acesso a API a requisição passa ser verificação alguma.
Segue a classe de configuração:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private StatelessAuthenticationFilter authenticationFilter;
@Bean
public IdentityCacheStore<SecurityUser> identityCacheStore() {
return new IdentityCacheStore<>(SecurityUser.class);
}
@Bean
public Http401AuthenticationEntryPoint clientAuthenticationEntryPoint() {
return new Http401AuthenticationEntryPoint("Unauthorized resource.");
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/webjars/springfox-swagger-ui/**", "/swagger-resources/**", "/v2/api-docs");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.exceptionHandling().authenticationEntryPoint(clientAuthenticationEntryPoint());
http.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
http.authorizeRequests().anyRequest().authenticated();
http.addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
@Configuration
@Order(1)
public static class SwaggerWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/swagger-ui.html").hasRole("USER")
.and()
.formLogin();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("admin").roles("USER");
auth.eraseCredentials(true);
}
}
}
Algué pode me ajudar e identificar porque o acesso a API não está sendo protegido?