Package edu.ucsb.cs156.example.config

Class SecurityConfig

java.lang.Object

org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

edu.ucsb.cs156.example.config.SecurityConfig

All Implemented Interfaces:

org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>, org.springframework.security.config.annotation.web.WebSecurityConfigurer<org.springframework.security.config.annotation.web.builders.WebSecurity>

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class SecurityConfig
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

The `SecurityConfig` class in Java configures web security with OAuth2 login, CSRF protection, and role-based authorization based on user email addresses.

Constructor Summary

Constructors

Constructor	Description
SecurityConfig()

Method Summary

Modifier and Type	Method	Description
protected void	configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)	The `configure` method in this Java code configures various security settings for an HTTP request, including authorization, exception handling, OAuth2 login, CSRF protection, and logout behavior.
void	configure(org.springframework.security.config.annotation.web.builders.WebSecurity web)	The `configure` method is used to configure web security in Java, specifically ignoring requests to the "/h2-console/**" path.
boolean	getAdmin(String email)	This method checks if the given email belongs to an admin user either from a predefined list or by querying the user repository.

Methods inherited from class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

authenticationManager, authenticationManagerBean, configure, getApplicationContext, getHttp, init, setApplicationContext, setAuthenticationConfiguration, setContentNegotationStrategy, setObjectPostProcessor, setTrustResolver, userDetailsService, userDetailsServiceBean

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SecurityConfig

public SecurityConfig()

Method Details

configure

protected void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                  throws Exception

The `configure` method in this Java code configures various security settings for an HTTP request, including authorization, exception handling, OAuth2 login, CSRF protection, and logout behavior.

Overrides:

configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Parameters:

http - injected HttpSecurity object (injected by Spring framework)

Throws:

Exception

configure

public void configure(org.springframework.security.config.annotation.web.builders.WebSecurity web)
               throws Exception

The `configure` method is used to configure web security in Java, specifically ignoring requests to the "/h2-console/**" path.

Specified by:

configure in interface org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>

Overrides:

configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Parameters:

web - injected by Spring Framework

Throws:

Exception

getAdmin

public boolean getAdmin(String email)

This method checks if the given email belongs to an admin user either from a predefined list or by querying the user repository.

Parameters:

email - email address of the user

Returns:

whether the user with the given email is an admin