Class SecurityConfig

java.lang.Object
edu.ucsb.cs156.rec.config.SecurityConfig

@Configuration @EnableWebSecurity @EnableMethodSecurity public class SecurityConfig extends Object
Configures Spring Security for the application: OAuth2 login, CSRF protection, and role-based authorization based on user email addresses.
  • Constructor Summary

    Constructors

    | Constructor | Description |
    |---|---|
    | SecurityConfig() | |
  • Method Summary

    | Modifier and Type | Method | Description |
    |---|---|---|
    | org.springframework.security.web.SecurityFilterChain | filterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) | Configures the security filter chain for HTTP requests: authorization, exception handling, OAuth2 login, CSRF protection, and logout behavior. |
    | boolean | getAdmin(String email) | This method checks if the given email belongs to an admin user either from a predefined list or by querying the user repository. |
    | boolean | getProfessor(String email) | This method checks if the given email belongs to a professor user by querying the user repository. |
    | boolean | getStudent(String email) | This method checks if the given email belongs to a student user by querying the user repository. |
    | org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer | webSecurityCustomizer() | Configures web security to ignore requests to the "/h2-console/**" path. |

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • SecurityConfig

      public SecurityConfig()
  • Method Details

    • filterChain

      @Bean public org.springframework.security.web.SecurityFilterChain filterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
      Configures the security filter chain for HTTP requests: authorization, exception handling, OAuth2 login, CSRF protection, and logout behavior.
      Parameters:
      http - HttpSecurity object injected by the Spring framework
      Throws:
      Exception
    • webSecurityCustomizer

      @Bean public org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer webSecurityCustomizer()
      Configures web security to ignore requests to the "/h2-console/**" path. Requests matching an ignored pattern bypass the Spring Security filter chain entirely, so no authentication, authorization, or CSRF checks apply to them.
    • getAdmin

      public boolean getAdmin(String email)
      This method checks if the given email belongs to an admin user either from a predefined list or by querying the user repository.
      Parameters:
      email - email address of the user
      Returns:
      whether the user with the given email is an admin
    • getProfessor

      public boolean getProfessor(String email)
      This method checks if the given email belongs to a professor user by querying the user repository.
      Parameters:
      email - email address of the user
      Returns:
      whether the user with the given email is a professor
    • getStudent

      public boolean getStudent(String email)
      This method checks if the given email belongs to a student user by querying the user repository.
      Parameters:
      email - email address of the user
      Returns:
      whether the user with the given email is a student
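
An added sketch (not the project's own code) of the email-to-role decision that getAdmin, getProfessor and getStudent describe, in plain Java with an in-memory map standing in for the user repository. The role names, the StoredUser record, the rolesFor helper and the email-verified flag (modelled on the OIDC `email_verified` claim) are assumptions made for illustration.

```java
import java.util.*;

// Added illustration; every name except getAdmin/getProfessor/getStudent is hypothetical.
public class EmailRoleSketch {
    // Stand-in for a row in the user repository the Javadoc mentions (shape is an assumption).
    record StoredUser(boolean admin, boolean professor, boolean student) {}

    private final Set<String> adminEmails = new HashSet<>();              // predefined admin list
    private final Map<String, StoredUser> usersByEmail = new HashMap<>(); // constructed repository

    EmailRoleSketch(Collection<String> admins, Map<String, StoredUser> users) {
        admins.forEach(e -> adminEmails.add(normalize(e)));
        users.forEach((e, u) -> usersByEmail.put(normalize(e), u));
    }

    // Compare emails in one canonical form so case or stray whitespace cannot change the result.
    static String normalize(String email) {
        return email == null ? "" : email.trim().toLowerCase(Locale.ROOT);
    }

    private Optional<StoredUser> find(String email) {
        return Optional.ofNullable(usersByEmail.get(normalize(email)));
    }

    public boolean getAdmin(String email) {
        return adminEmails.contains(normalize(email))
            || find(email).map(StoredUser::admin).orElse(false);
    }
    public boolean getProfessor(String email) { return find(email).map(StoredUser::professor).orElse(false); }
    public boolean getStudent(String email)   { return find(email).map(StoredUser::student).orElse(false); }

    // Every signed-in user gets ROLE_USER; elevated roles require a verified, non-empty email.
    public Set<String> rolesFor(String email, boolean emailVerified) {
        Set<String> roles = new TreeSet<>(Set.of("ROLE_USER"));
        if (!emailVerified || normalize(email).isEmpty()) return roles; // fail closed
        if (getAdmin(email))     roles.add("ROLE_ADMIN");
        if (getProfessor(email)) roles.add("ROLE_PROFESSOR");
        if (getStudent(email))   roles.add("ROLE_STUDENT");
        return roles;
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the project.
        EmailRoleSketch s = new EmailRoleSketch(
            List.of("admin@example.org"),
            Map.of("prof@example.org", new StoredUser(false, true, false)));
        System.out.println(s.rolesFor(" Admin@Example.org", true)); // normalized match on admin list
        System.out.println(s.rolesFor("prof@example.org", true));   // role from repository lookup
        System.out.println(s.rolesFor("admin@example.org", false)); // unverified email: base role only
        System.out.println(s.rolesFor(null, true));                 // missing email: base role only
    }
}
```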