Class SecurityConfig

java.lang.Object
com.example.blogs.app.config.SecurityConfig

@Configuration @EnableMethodSecurity public class SecurityConfig extends Object
Configures Spring Security for a stateless JWT-based API. CSRF protection is disabled, as is appropriate for stateless REST APIs.
  • Constructor Details

    • SecurityConfig

      public SecurityConfig()
  • Method Details

    • filterChain

      @Bean public org.springframework.security.web.SecurityFilterChain filterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
      Configures the security filter chain with JWT-based stateless authentication. Protects the /auth/me endpoint and permits all other requests.
      Parameters:
      http - the HttpSecurity to configure
      Returns:
      configured SecurityFilterChain
      Throws:
      Exception - if configuration fails
    • messageDigest

      @Bean public MessageDigest messageDigest()
      Provides a SHA-256 MessageDigest bean for token hashing.
      Returns:
      SHA-256 MessageDigest instance
      Throws:
      IllegalStateException - if the SHA-256 algorithm is not available
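
The filter chain rules described above, together with a per-call token hash, as an added sketch (not the project's source). It assumes Spring Security 6 and Java 17; the class name SecurityConfigSketch and the helper sha256Hex are hypothetical, and the JWT validation step is left out because this page does not show it.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical class name; an illustration of the documented behaviour only.
@Configuration
@EnableMethodSecurity
public class SecurityConfigSketch {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Disabling CSRF is only sound while no cookie-based credential exists:
            // the token must travel in a header, never in a cookie the browser sends itself.
            .csrf(csrf -> csrf.disable())
            // No HttpSession is created or consulted, so each request must carry its token.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/auth/me").authenticated()
                // Default-allow: any other restriction has to come from method-level
                // annotations, which @EnableMethodSecurity switches on.
                .anyRequest().permitAll());
        // JWT validation filter omitted: the page does not say how tokens are verified.
        return http.build();
    }

    // MessageDigest is stateful and not thread-safe. A singleton bean shared by
    // concurrent requests can interleave update()/digest() calls and yield wrong hashes,
    // so this helper takes a fresh instance for every call instead.
    public static String sha256Hex(String token) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return HexFormat.of().formatHex(md.digest(token.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            // Mirrors the documented contract: unavailable algorithm -> IllegalStateException.
            throw new IllegalStateException("SHA-256 algorithm is not available", e);
        }
    }
}
```

If the singleton MessageDigest bean is kept, every use needs to be serialized (for example inside a synchronized block) or the bean given prototype scope.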